[go: up one dir, main page]

US20130160086A1 - Secure client authentication and service authorization in a shared communication network - Google Patents

Secure client authentication and service authorization in a shared communication network Download PDF

Info

Publication number
US20130160086A1
US20130160086A1 US13/527,486 US201213527486A US2013160086A1 US 20130160086 A1 US20130160086 A1 US 20130160086A1 US 201213527486 A US201213527486 A US 201213527486A US 2013160086 A1 US2013160086 A1 US 2013160086A1
Authority
US
United States
Prior art keywords
network device
client
service
matching
managing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/527,486
Other versions
US9003492B2 (en
Inventor
Srinivas Katar
Lawrence W. Yonge, III
Richard E. Newman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Atheros Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US13/527,486 priority Critical patent/US9003492B2/en
Application filed by Qualcomm Atheros Inc filed Critical Qualcomm Atheros Inc
Priority to KR1020147001689A priority patent/KR101543445B1/en
Priority to PCT/US2012/043415 priority patent/WO2012177812A1/en
Priority to JP2014517134A priority patent/JP5755805B2/en
Priority to EP12733313.6A priority patent/EP2724516B1/en
Priority to CN201280030511.7A priority patent/CN103765857B/en
Assigned to QUALCOMM ATHEROS, INC. reassignment QUALCOMM ATHEROS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KATAR, SRINIVAS, YONGE, LAWRENCE W., III, NEWMAN, RICHARD E.
Assigned to QUALCOMM INCORPORATED reassignment QUALCOMM INCORPORATED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: QUALCOMM ATHEROS, INC.
Publication of US20130160086A1 publication Critical patent/US20130160086A1/en
Application granted granted Critical
Publication of US9003492B2 publication Critical patent/US9003492B2/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60LPROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
    • B60L50/00Electric propulsion with power supplied within the vehicle
    • B60L50/50Electric propulsion with power supplied within the vehicle using propulsion power supplied by batteries or fuel cells
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02JCIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J7/00Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries
    • H02J7/00032Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries characterised by data exchange
    • H02J7/00045Authentication, i.e. circuits for checking compatibility between one component, e.g. a battery or a battery charger, and another component, e.g. a power source
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B2203/00Indexing scheme relating to line transmission systems
    • H04B2203/54Aspects of powerline communications not already covered by H04B3/54 and its subgroups
    • H04B2203/5429Applications for powerline communications
    • H04B2203/5458Monitor sensor; Alarm systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1021Server selection for load balancing based on client or server locations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1023Server selection for load balancing based on a hash applied to IP addresses or costs

Definitions

  • Embodiments of the inventive subject matter generally relate to the field of communication networks and, more particularly, to secure client authentication and service authorization in a shared communication network.
  • Electric vehicles typically charge from conventional power outlets or dedicated charging stations. Prior to receiving power from the charging stations, the charging station can ensure that the user of the electric vehicle has a valid account and proper authorization to receive the electric power and to pay for the received electric power.
  • a secure communication channel is established between a client network device and a managing network device of a communication network based, at least in part, on a client identifier of the client network device.
  • the managing network device causes the client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of service providers of the communication network.
  • the client network device is securely matched with a first of the plurality of service providers.
  • a service voucher is securely received at the managing network device from the accounting network device authorizing one or more of the service providers of the communication network to service the client network device in response to the accounting network device executing the account authorizing process with the client network device.
  • the service voucher is securely transmitted from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider.
  • FIG. 1 is an example conceptual diagram of a broadcast authentication mechanism in a communication network
  • FIG. 2 is a flow diagram illustrating example operations of a key distribution unit executing the broadcast authentication mechanism
  • FIG. 3 is an example conceptual diagram of a distributed authentication mechanism in a communication network
  • FIG. 4 is a flow diagram illustrating example operations of a matching authorization unit in a distributed client authentication and service authorization environment
  • FIG. 5 is a flow diagram illustrating example operations of a customer device in a distributed client authentication and service authorization environment.
  • FIG. 6 is a block diagram of one embodiment of an electronic device including a broadcast authentication and service matching mechanism in a communication network.
  • an association between the electric vehicle and one of the charging stations may be established to enable the electric vehicle to receive power from the charging station.
  • messages between the electric vehicle and the charging station may be exchanged (e.g., for authenticating the electric vehicle, etc.) via a shared communication medium, it may be possible for malicious users to intercept legitimate communications, transmit counterfeit messages, cause confusion at the charging station, and steal power intended for the electric vehicle.
  • Traditional methods for authenticating broadcast messages transmitted by the electric vehicle rely on either the electric vehicle using a public key signature to sign each message or a key distributor providing a unique electric vehicle verification key to each of the charging stations over a secure connection.
  • the electric vehicle verification key may be transmitted to all the charging stations even though only a small subset of the charging stations may actually use the electric vehicle verification key to verify the messages from the electric vehicle.
  • a broadcast authorization mechanism can be implemented in the charging facility to validate the electric vehicle and to ensure that the electric vehicle that transmitted a message is the same as the electric vehicle that is connected in the charging facility.
  • a key distributor and the charging stations of the charging facility can have a priori knowledge of a master key.
  • the key distributor can determine a unique vehicle verification key for the electric vehicle based on a vehicle identifier (ID) and one or more other parameters (e.g., sequence number, timestamp, location, random number, etc.).
  • the electric vehicle can sign messages (transmitted from the electric vehicle) using the vehicle verification key and can also provide the vehicle ID and the one or more other parameters (in the transmitted message).
  • the charging station can derive the vehicle verification key and authenticate the received message.
  • a broadcast authentication mechanism can enable secure communications between the electric vehicle and the charging stations, and can enable the charging stations to authenticate transmissions from the electric vehicle without expensive computations and without exchanging a large number of messages.
  • whether an electric vehicle receives power at a charging facility may be contingent on two factors—1) identification of the charging station that should provide power to the electric vehicle (“service matching”) and 2) authorization of a payment account (“account authorization”) associated with the electric vehicle (e.g., determining whether the electric vehicle can pay for the received power). Identifying the charging station may be a local decision. However, authorizing the payment account may involve communicating with a remote account authorization unit (e.g., via the Internet) and this can incur communication latencies. Traditional authorization mechanisms are sequential where the charging station that should provide power to the electric vehicle is not identified until the payment account associated with the electric vehicle is authorized. Communication latencies and network latencies can result in the user of the electric vehicle having to wait for a significant amount of time between connecting the electric vehicle to the charging facility and the electric vehicle receiving power.
  • a distributed authorization architecture can be implemented to minimize latency between the time instant when the electric vehicle connects to the charging facility and the time instant when the electric vehicle receives power.
  • the service matching process and the account authorization process may be executed in parallel.
  • a local matching authorization unit can initiate the service matching process for the electric vehicle and can prompt a remote account authorization unit to initiate the account authorization process for the electric vehicle.
  • the matching authorization unit can match the electric vehicle to one of the charging stations (“matched charging station”).
  • the matching authorization unit can receive a service voucher (e.g., indicating whether the account was authorized, the type and amount of power that can be provided to the electric vehicle, etc.) from the account authorization unit.
  • the matching authorization unit can provide the service voucher to the matched charging station and can cause the matched charging station to provide power to the electric vehicle in accordance with the service voucher.
  • a distributed authorization architecture where the service matching process executes in parallel with the account authorization process can reduce the latency between the electric vehicle connecting to the charging facility and receiving electric power.
  • FIG. 1 is an example conceptual diagram of a broadcast authentication mechanism in a communication network 100 .
  • the communication network 100 comprises an electric vehicle 102 , a key distribution unit 104 , and charging stations 110 , 112 , and 114 .
  • the electric vehicle 102 comprises a communication unit 103 .
  • the communication unit 103 can implement protocols and functionality to enable the electric vehicle 102 to communicate with the key distribution unit 104 and one or more of the charging stations 110 , 112 , and 114 in the communication network 100 .
  • the key distribution unit 104 comprises a key generation unit 106 and a transceiver unit 108 .
  • the communication network 100 can be a shared communication network (e.g., a powerline communication (PLC) network).
  • PLC powerline communication
  • the communication network 100 can be other suitable types of networks (e.g., Ethernet over Coax (EoC), wireless local area networks (WLAN), such as IEEE 802.11 networks, etc.). All the charging stations 110 , 112 , and 114 and the key distribution unit 104 may be trusted entities with respect to each other.
  • the key distribution unit 104 and the charging stations 110 , 112 , and 114 can be communicatively coupled using wireless communication protocols (e.g., WLAN, Bluetooth, etc.) or using wired communication protocols (e.g., PLC, Ethernet, etc.).
  • wireless communication protocols e.g., WLAN, Bluetooth, etc.
  • wired communication protocols e.g., PLC, Ethernet, etc.
  • the electric vehicle 102 connects to the communication network 100 and provides security credentials to the key distribution unit 104 .
  • the electric vehicle 102 e.g., the communication unit 103
  • the electric vehicle 102 may transmit a vehicle identifier (ID).
  • the electric vehicle 102 may also provide other suitable security credentials (e.g. an X.509v3 certificate with public keys bound to the vehicle ID) to the key distribution unit 104 .
  • the key distribution unit 104 may be another network device (e.g., a managing network device or a coordinator device) that is distinct from the charging stations 110 , 112 , and 114 .
  • one of the charging stations in the communication network 100 can be designated as the key distribution unit 104 .
  • the key distribution unit 104 can use the vehicle ID and other suitable information to generate a signing key that can be used by the electric vehicle 102 for transmitting messages and by the charging stations for verifying the authenticity of messages received from the electric vehicle 102 .
  • the key distribution unit 104 establishes a secure communication link with the electric vehicle 102 after validating the security credentials received from the electric vehicle 102 , as will be further described in blocks 204 - 208 of FIG. 2 .
  • the key generation unit 106 generates a temporary sender signing key based, at least in part, on the received security credentials and a master key associated with the key distribution unit. For example, the key generation unit 106 can generate the temporary sender signing key based, at least in part, on the vehicle ID received at stage A and the master key.
  • the master key may be known to the key generation unit 106 and to all the charging stations 110 , 112 , and 114 in the communication network 100 . In one embodiment, the key generation unit 106 can generate the master key and can distribute the master key to all the charging stations 110 , 112 , and 114 in the communication network 100 .
  • one of the charging stations 110 can generate the master key and can distribute the master key to the key generation unit 106 and to the other charging stations 112 and 114 .
  • a subset of the charging stations (which may or may not include the key generation unit 106 ) may generate the master key.
  • the master key may be predetermined and provided (e.g., input by a network administrator during an installation process, hardcoded during a manufacturing process, etc.) to the key generation unit 106 and to the charging stations 110 , 112 , and 114 .
  • the key generation unit 106 can use a keyed one-way hash function (H) to generate the temporary sender signing key.
  • the key generation unit 106 can use the master key as a key for the hash function.
  • the input to the hash function can be the security credentials associated with the electric vehicle 102 (e.g., vehicle ID).
  • the input to the hash function can be a concatenation (or another combination) of the vehicle ID and one or more other parameters (e.g., a sequence number, a timestamp, a random value, a location identifier, etc.).
  • the key generation unit 106 may increment the sequence number each time the key generation unit 106 distributes a new temporary sender signing key to the electric vehicle 102 .
  • the timestamp may include a start time and an end time for which the temporary sender signing key is valid. Combining the vehicle ID with one or more other parameters (e.g., the sequence number, the timestamp, the random value, the location identifier, etc.) can prevent spoofing attacks. It should be noted that the temporary sender signing key is unique to the electric vehicle, so that the charging stations 110 , 112 , and 114 can uniquely associate the messages sent by a particular electric vehicle with that electric vehicle.
  • the electric vehicle 102 uses the temporary sender signing key to sign messages scheduled to be transmitted to the charging stations 110 , 112 , 114 .
  • the messages transmitted to the charging stations 110 , 112 , and 114 can include the vehicle ID and the one or more other parameters that were used by the key generation unit 106 to generate the temporary sender signing key (e.g., the sequence number, the timestamp, the random value, the location identifier, etc.).
  • the electric vehicle 102 may not transmit the temporary sender signing key to the charging stations 110 , 112 , and 114 .
  • the electric vehicle 102 (e.g., the communication unit 103 ) can sign the message using the temporary sender signing key to enable the charging stations 110 , 112 , and 114 to identify and validate the electric vehicle 102 .
  • each message can comprise a message authentication code (MAC) that is based on the temporary sender signing key and the content of the message.
  • MAC message authentication code
  • the electric vehicle 102 (e.g., the communication unit 103 ) can broadcast the messages to all the charging stations 110 , 112 , and 114 , as depicted in FIG. 1 . In other embodiments, the electric vehicle 102 can broadcast the messages to one (or a subset) of the charging stations 110 , 112 , and 114 .
  • the charging station 110 can validate the message received from the electric vehicle 102 based, at least in part, on information in the received message and the master key. For example, the charging station 110 (and also the charging stations 112 and 114 ) can verify the message authentication code in the received message by performing the same operations as the key generation unit 106 (described in stage C) using the information provided by the electric vehicle 102 in the message (e.g., the vehicle ID, sequence number, the timestamp, the random value, the location identifier, etc.) and the master key known to the charging station 110 . This can enable the charging station 110 to verify the signature in the received message without obtaining additional information from the key distribution unit 104 .
  • the charging station 110 can verify the message authentication code in the received message by performing the same operations as the key generation unit 106 (described in stage C) using the information provided by the electric vehicle 102 in the message (e.g., the vehicle ID, sequence number, the timestamp, the random value, the location identifier, etc.) and the master key known to the
  • FIG. 2 is a flow diagram (“flow”) 200 illustrating example operations of a key distribution unit executing the broadcast authentication mechanism. The flow begins at block 202 .
  • a key distribution unit of a communication network receives security credentials associated with a network device (“sender device”) that connects to the communication network.
  • the sender device can be a plug-in electric vehicle (PEV).
  • PEV plug-in electric vehicle
  • the electric vehicle 102 can connect to the communication network 100 that comprises one or more charging stations 110 , 112 , and 114 to receive electric power from one of the charging stations.
  • the electric vehicle 102 can then provide its security credentials (e.g., a sender ID) to the key distribution unit 104 .
  • the key distribution unit 104 may be one of the charging stations or may be distinct from the charging stations.
  • the flow continues at block 204 .
  • the key distribution unit 104 can determine whether the security credentials received from the electric vehicle 102 are valid and whether the electric vehicle 102 can be authenticated. If the key distribution unit 104 determines that security credentials associated with the electric vehicle are valid, the flow continues at block 208 . Otherwise, the flow continues at block 206 .
  • a communication channel is not established with the sender device if the security credentials associated with the electric vehicle are determined not to be valid.
  • the flow 200 moves from block 204 to block 206 if the key distribution unit 104 is unable to authenticate the security credentials associated with the electric vehicle 102 .
  • the key distribution unit 104 can determine not to establish a communication channel with the electric vehicle 102 . If the key distribution unit 104 does not establish the communication channel with the electric vehicle 102 , this can indicate that the electric vehicle 102 will not be permitted to receive power from any of the charging stations 110 , 112 , and 114 in the communication network 100 .
  • the key distribution unit 104 may also present a notification (e.g., audio, visual, and/or text notification) to the electric vehicle 102 indicating the inability to establish the communication channel with the electric vehicle 102 . From block 206 , the flow ends.
  • a notification e.g., audio, visual, and/or text notification
  • a secure communication channel is established with the sender device if the security credentials associated with the electric vehicle are determined to be valid.
  • the flow 200 moves from block 204 to block 208 after the key distribution unit 104 authenticates the security credentials associated with the electric vehicle 102 .
  • the key distribution unit 104 can exchange one or more security handshake messages to establish the secure communication channel with the electric vehicle 102 .
  • the key distribution unit 104 can exchange one or more messages with the electric vehicle 102 via the secure communication channel to generate a sender signing key that is unique to the electric vehicle 102 .
  • the electric vehicle 102 can then use the sender signing key to communicate with the charging stations 110 , 112 , and 114 in the communication network 100 .
  • the flow continues at block 210 .
  • a temporary sender signing key is generated based, at least in part, on the security credentials associated with the sender device and a master key associated with the key distribution unit.
  • the key generation unit 106 (of the key distribution unit 104 ) can generate the temporary sender signing key based, at least in part, on the sender ID received at block 202 and the master key.
  • the key generation unit 106 and the charging stations 110 , 112 , and 114 may have a priori knowledge of the master key.
  • various embodiments can use employed to determine/provide the master key to the key generation unit 106 and the charging stations 110 , 112 , and 114 .
  • the key generation unit 106 can use a keyed one-way hash function on the master key, the security credentials (sender ID) associated with the electric vehicle 102 , and one or more other parameters (e.g., a sequence number, a timestamp, a random value, a location identifier, etc.) to generate the temporary sender signing key. Because the temporary sender signing key is unique to the electric vehicle 102 , charging stations can uniquely associate the messages sent by a particular electric vehicle with that electric vehicle 102 . The flow continues at block 212 .
  • the temporary sender signing key is transmitted to the sender device via the secure communication channel.
  • the key distribution unit 104 can transmit (e.g., via the transceiver unit 108 ) the temporary sender signing key to the electric vehicle 102 via the secure communication channel.
  • the key distribution unit 104 can also transmit the sequence number, the timestamp, the random value, the location identifier, and other parameters that were used to generate the temporary sender signing key.
  • the key distribution unit 104 may not transmit the master key to the electric vehicle 102 . As described above with reference to FIG.
  • the electric vehicle 102 can use the temporary sender signing key to sign all messages that it broadcasts to the charging stations 110 , 112 , and 114 so that the charging station (that receives the messages) can easily verify the authenticity of the received messages. From block 212 , the flow ends.
  • FIGS. 1 and 2 describe the key distribution unit 104 transmitting the temporary sender signing key to the sender device (e.g., the electric vehicle 102 ) via an insecure medium over which a secure communication channel has been established, embodiments are not so limited. In other embodiments, the key distribution unit 104 can use an alternate secure communication channel, or a secure, out-of-band means of transmitting the temporary sender signing key to the sender device 102 to minimize the possibility of interception. The key distribution unit 104 may transmit the temporary sender signing key to the sender device 102 via a different communication medium, a separate waveguide, or a different communication band that is less susceptible to interception. In other embodiments, the key distribution unit 104 can use public key encryption techniques (or other suitable encryption techniques) to securely transmit the temporary sender signing key to the sender device 102 .
  • public key encryption techniques or other suitable encryption techniques
  • stage D in FIG. 1 describes the sender device (e.g., the electric vehicle 102 ) transmitting the message including the sender ID and the other parameters used to generate the temporary sender signing key (e.g., the sequence number, the timestamp, the random number, the location, etc.), embodiments are not so limited.
  • the size of the message transmitted by the sender device 102 may not be large enough to accommodate all the parameters that were used to generate the temporary sender signing key.
  • the sender device 102 can transmit the parameters that were used to generate the temporary sender signing key (e.g., the sender ID, the sequence number, the timestamp, the random number, the location, etc.) in one or more separate initialization messages.
  • the sender device 102 may only include the sender ID and sequence number in subsequent messages (along with the message content).
  • the receiver device e.g., the charging station 110
  • the receiver device can derive the temporary sender signing key unique to the sender device 102 from the information provided in the initialization messages.
  • the receiver device 110 can store the derived temporary sender signing key, the sender ID, and the sequence number.
  • the receiver device 110 can look up the previously derived temporary sender signing key based on the sender ID and sequence number received in subsequent messages. The inclusion of the sequence number in the subsequent messages can ensure that the temporary sender signing key associated with the sender device 102 is current (e.g., since the sequence number is incremented each time the sender device 102 receives a new temporary sender signing key).
  • the sender device (e.g., the electric vehicle 102 ) can also transmit a message counter in each message to minimize the possibility of replay attacks.
  • the sender device 102 can also use the message counter to compute the message authentication code associated with the message.
  • the receiver device e.g., the charging station 110
  • the receiver device 110 can receive messages from the sender device 102 and can store the most recently received message counter value.
  • the receiver device 110 can discard any received messages with a message counter value that is less than or equal to the largest message counter value received in a verified message from the sender device 102 .
  • the receiver device 110 can discard information about the temporary signing key (including the message counter, the sequence number, location, etc.) after the expiration time is reached.
  • the sender device 102 may be a plug-in electric vehicle (PEV) that connects to one of the charging stations (also known as an electric vehicle supply equipment or EVSE) in a charging facility.
  • the PEV may connect to the charging station via a charging cable.
  • the charging stations, the PEV, and the key distribution unit may be coupled via a powerline communication channel (or another suitable shared communication medium). Accordingly, multiple charging stations may receive the PEV's transmissions and may try to determine the identity of the PEV transmitting each message.
  • the charging cable that connects the PEV and the charging station may have a control pilot line. The PEV and the charging station can exchange low-speed, secure communications via the control pilot line of the charging cable.
  • the key distribution unit 104 can provide the electric vehicle 102 with the temporary sender signing key via the control pilot line.
  • Other communications can be conducted over the same control pilot line but in a different communication band, or over different lines (e.g., the power lines).
  • FIGS. 1 and 2 describe the key distribution unit 104 generating a temporary sender signing key based on a hash value of the sender ID and/or one or more other parameters (e.g., a sequence number, a location, a random number, a timestamp, etc.), embodiments are not so limited. In other embodiments, other suitable mechanisms can be used to generate the sender signing key.
  • the public key encryption methods can be used and the sender signing key may be a public encryption key.
  • the sender signing key may not be temporary. Instead, the sender signing key may be any suitable sender-specific key that is assigned to the sender device 102 when the sender device 102 connects to the communication network 100 . The sender device 102 can then sign messages (prior to transmitting the messages) with the sender-specific key.
  • FIG. 3 is an example conceptual diagram of a distributed authentication mechanism in a communication network.
  • a local communication network 300 comprises an electric vehicle 302 , a matching authorization unit 304 , and charging stations 306 , 308 , and 310 .
  • the local communication network 300 is also coupled to an account authorization unit 312 which may be at a remote location (e.g., on another communication network).
  • the electric vehicle 302 comprises a communication unit 303 .
  • the communication unit 303 can implement protocols and functionality to enable the electric vehicle 302 to communicate with the matching authorization unit 304 , the account authorization unit 312 , and one or more of the charging stations 306 , 308 , and 310 .
  • the local communication network 300 can be a shared communication network (e.g., a powerline communication network). All the charging stations 306 , 308 , and 310 and the matching authorization unit 304 may be trusted entities with respect to each other.
  • the charging stations 306 , 308 , and 310 and the matching authorization unit 304 can be communicatively coupled using wireless communication protocols (e.g., WLAN, Bluetooth, etc.) or using wired communication protocols (e.g., PLC, Ethernet, etc.).
  • wireless communication protocols e.g., WLAN, Bluetooth, etc.
  • wired communication protocols e.g., PLC, Ethernet, etc.
  • the matching authorization unit 304 can perform three types of functions—1) authenticating the electric vehicle 302 and providing the electric vehicle 302 with a signing key for secure communication, 2) executing a service matching process for determining which charging station should provide power to the electric vehicle 302 , and 3) accepting authorization information from the account authorization unit 312 on behalf of the electric vehicle 302 and forwarding this authorization to the charging station that was matched with the electric vehicle 302 .
  • the matching authorization unit 304 may be another network device (e.g., a managing network device or a coordinator device) that is distinct from the charging stations 306 , 308 , and 310 .
  • one of the charging stations in the local communication network 300 can be designated as the matching authorization unit 304 .
  • a control pilot line transmission (CPLT) line associated with the electric vehicle 302 can be activated.
  • the electric vehicle 302 e.g., a PEV-EVSE matching protocol layer
  • the charging station 306 also can determine that an unmatched electric vehicle 302 is connected to the charging station 306 by detecting that the CPLT line associated with the electric vehicle 302 is activated.
  • the charging station 306 can transmit a notification to the matching authorization unit 304 indicating that an unmatched electric vehicle 302 is connected to the charging station 306 .
  • the charging station 306 and the electric vehicle 302 can also exchange information needed for electric vehicle 302 to join the charging station's network.
  • the electric vehicle 302 could provide a vehicle identifier, information about supported communication protocols, etc. to the charging station 306 .
  • the charging station 306 can be associated with a powerline communication (PLC) network and can provide a charging station identifier, network information, supported PLC protocols (e.g., Green PHY, HomePlug AV, etc.), and other suitable information to enable the electric vehicle 302 to join the charging station's PLC network.
  • PLC powerline communication
  • the electric vehicle e.g., upper protocol layers of the electric vehicle
  • the electric vehicle can use dynamic host control protocol (DHCP) to determine IP addresses, router interfaces, domain name server (DNS) information, and other suitable information for communicating with the matching authorization unit 304 and the account authorization unit 312 .
  • DHCP dynamic host control protocol
  • DNS domain name server
  • the electric vehicle 302 can communicate with the matching authorization unit 304 and the account authorization unit 312 in parallel to enable simultaneous service matching and account authorization.
  • the electric vehicle 302 (e.g., the communication unit 303 ) provides security credentials to the matching authorization unit 304 .
  • the electric vehicle 302 may transmit a customer ID.
  • the electric vehicle 302 may also provide other suitable security credentials bound to the customer ID (e.g. an X.509v3 certificate with public keys bound to the customer ID) to the matching authorization unit 304 .
  • a PEV-EVSE matching protocol layer an prompt the upper protocol layers of the electric vehicle to communicate with the matching authorization unit 304 .
  • the electric vehicle 302 (e.g., PEV upper protocol layers) can use a known URL that references the matching authorization unit 304 .
  • the URL used by the electric vehicle 302 to access the matching authorization unit 304 may be intercepted and locally redirected (to the matching authorization unit 304 ) by a network address translator or a local domain name server.
  • the matching authorization unit 304 establishes a secure communication channel with the customer device (e.g., electric vehicle) 302 after validating the security credentials received from the electric vehicle 302 .
  • the matching authorization unit 304 can authenticate the electric vehicle 302 and establish a communication channel for securely communicating with the electric vehicle 302 based on the customer ID and other security credentials associated with the electric vehicle 302 (e.g., a public encryption key, a X.509v3 certificate with public keys bound to the customer ID).
  • the electric vehicle 302 receives the information associated with the matching authorization unit 304 (“MAS information”) and provides the MAS information and the security credentials bound to the customer ID to the account authorization unit 312 .
  • the MAS information provided by the matching authorization unit 304 can include MAS identity information, MAS location information, etc.
  • the MAS identity information can be an identifier that is mapped to an IP address of the matching authorization unit 304 .
  • the matching authorization unit 304 can also generate a temporary signing key that is unique to the electric vehicle 302 based, at least in part, on a secure hash of the customer ID, a master key, and one or more other parameters (e.g., a sequence number, a random number, a timestamp, etc.), as described above with reference to FIGS. 1-2 .
  • the matching authorization unit 304 may also provide the temporary signing key and the one or more parameters (except the master key) used for generating the temporary signing key to the electric vehicle 302 , as described above in FIGS. 1-2 .
  • the matching authorization unit 304 may comprise the key distribution unit 104 of FIG.
  • the matching authorization unit 304 may itself execute the functionality described above in FIGS. 1-2 for generating the temporary signing key associated with the electric vehicle 302 .
  • the matching authorization unit 304 may access a distinct key distribution unit 104 and can request the key distribution unit 104 to generate the temporary signing key for the electric vehicle 302 .
  • the matching authorization unit 304 can then provide this temporary signing key to the electric vehicle 302 .
  • the matching authorization unit 304 may not generate the temporary signing key but may instead use a public encryption key for secure communication with the electric vehicle 302 .
  • the electric vehicle 302 In response to receiving the MAS information, the electric vehicle 302 (e.g., the communication unit 303 ) can initiate the account authorization process with the account authorization unit 312 by using a known URL that references the account authorization unit.
  • the electric vehicle (or “customer device”) 302 and the account authorization unit 312 can establish a secure communication channel using an X.509v3 certificate associated with the customer device 302 .
  • the electric vehicle 302 can provide the customer ID and the MAS information to the account authorization unit 312 via the established secure communication channel. While the account authorization unit 312 is executing the account authorization process with the electric vehicle 302 , the electric vehicle 302 can execute the service matching process with the matching authorization unit 304 .
  • the account authorization process (e.g., for determining whether the payment account associated with the electric vehicle 302 has sufficient funds to pay for the electric power) can be performed in parallel with the service matching process (e.g., to identify the charging station that is best suited for providing the electric power to the electric vehicle 302 ). Since account authorization may not depend on which of the charging stations will provide electric power to the electric vehicle 302 , the account authorization process can be executed in parallel with the service matching process. This can reduce latency between the electric vehicle 302 joining the local communication network 300 and receiving the electric power from the charging station.
  • the matching authorization unit 304 executes the service matching process and matches the electric vehicle 302 with a charging station 306 in the local communication network 300 .
  • the account authorization unit 312 may be remote and communication between the account authorization unit 312 and the matching authorization unit 304 may incur long latencies.
  • the service matching process may be executed locally, and therefore the matching authorization unit 304 may initiate the service matching process without account authorization (e.g., before the account authorization unit 312 determines whether the payment account has sufficient funds to pay for the services). Initiating the service matching process before account authorization process is completed can reduce latency between the electric vehicle 302 connecting to the network and receiving the electric power.
  • the matching authorization unit 304 may cause the electric vehicle 302 (e.g., the communication unit 303 ) to execute a signal level attenuation characteristics (SLAC) protocol with the local charging stations 306 , 308 , and 310 .
  • the matching authorization unit 304 can transmit one or more SLAC parameters to the electric vehicle 302 (e.g., along with the MAS information at stage C).
  • the SLAC parameters can indicate a number of service matching messages (e.g., sound tones) that should be transmitted to the local charging stations 306 , 308 , and 310 , and a timeout interval for executing the SLAC protocol.
  • the number of service matching messages may be determined based on a number of cables associated with the charging stations, a number of cable harnesses, a maximum number of switch states associated with the charging stations, the type of charging stations, the type of electric vehicle, local noise, and other such factors. In some embodiments, the number of service matching messages (as indicated by the matching authorization unit 304 ) can also take into consideration that some service matching messages may not be detected or missed. In some embodiments, the timeout interval for executing the SLAC protocol can be determined based, at least in part, on a number of electric vehicles in the local communication network 300 , noise levels detected at the charging stations, cable configurations of the charging stations, etc. The matching authorization unit 304 can start a timer based on the timeout interval for SLAC protocol.
  • the electric vehicle 302 when the electric vehicle 302 receives the SLAC parameters from the matching authorization unit 304 , the electric vehicle 302 can initiate operations for executing the SLAC protocol (i.e., without waiting for account authorization from the account authorization unit 312 ).
  • the electric vehicle 302 can transmit one or more initialization messages (e.g., using multi-network broadcast communications (MNBC)) to indicate that operations for the SLAC protocol will begin.
  • MNBC multi-network broadcast communications
  • These initialization messages can also include the timeout interval and the number of service matching messages that will be transmitted in accordance with the SLAC protocol.
  • the electric vehicle 302 can transmit the service matching messages using multi-network broadcast communications.
  • the service matching messages can include a message authentication code that is generated based on a one-way hash of the message content, the signing key, a sequence number, and a message counter. The value of the message counter may be decremented as each service matching message is transmitted. Each service matching message can also include the customer ID, the sequence number, the message counter, and other parameters that were used to generate the signing key. It should be noted that, in other embodiments, the service matching messages may be signed using a key based on a public certificate, or another suitable vehicle-specific key. In some embodiments, after the electric vehicle 302 transmits a first service matching message, the electric vehicle 302 may wait for a predetermined time interval before transmitting a second service matching message.
  • Each charging station 306 that receives the service matching message can determine signal level information (or attenuation information) based on the received service matching message and a time instant at which the service matching message was received (e.g., a receive timestamp). In some embodiments, only the charging stations 306 that are not currently matched with another electric vehicle may process the received service matching messages. The charging station 306 can use the information received in the service matching message in conjunction with the master key to derive the signing key associated with the electric vehicle 302 . The charging station 306 can then use the signing key to authenticate the received service matching messages.
  • the charging station 306 can provide SLAC results for each authenticated service matching message (e.g., the signal level information, the attenuation information, the receive timestamp, etc.) to the matching authorization unit 304 .
  • the matching authorization unit 304 receives the SLAC results from all the charging stations (or after the timeout interval elapses)
  • the matching authorization unit 304 selects one of the charging stations with the best performance to provide electric power to the customer device 302 .
  • the matching authorization unit 304 may analyze the SLAC results and may determine that the charging station 306 that received the service matching message with the highest signal level should provide electric power to the electric vehicle 302 .
  • the matching authorization unit 304 may determine that the charging station 306 that received the service matching message with the smallest latency should provide electric power to the electric vehicle 302 . However, in some implementations, the matching authorization unit 304 may not notify the charging station 306 of the results of the service matching process until the account authorization process is completed and the payment account associated with the electric vehicle 302 has been authorized.
  • the account authorization unit 312 completes the account authorization process and securely transmits a service voucher for the authorized services from one of the charging stations.
  • the account authorization process can comprise operations for authenticating a customer account (e.g., a payment account) associated with the electric vehicle 302 (e.g., for which a user of the electric vehicle 302 has appropriate access permissions).
  • the account authorization unit 312 can verify the account associated with the electric vehicle 302 based on the customer ID and other security credentials associated with the electric vehicle (e.g., an X.509v3 certificate with public keys bound to the customer ID). As part of the account authorization process, it may also be determined whether the payment account associated with the electric vehicle 302 has sufficient funds to provide compensation for the electric power that will be provided by one of the charging stations.
  • the account authorization unit 312 can transmit (to the matching authorization unit 304 ) a service voucher including the results of the account authorization process.
  • the service voucher generated by the account authorization unit 312 can indicate whether the electric vehicle 302 has the appropriate authorization to receive the electric power, according the account characteristics and the permissions.
  • the service voucher can also indicate limitations on the service (e.g., how much electric power, etc.) that can be provided be the charging station based on characteristics and state of the account, characteristics of the charging station, characteristics of the electric vehicle 302 , and the permissions associated with the account.
  • the service voucher may also comprise the customer ID associated with the electric vehicle 302 .
  • the service voucher can indicate a deadline by which the service matching process should be completed. The service voucher may expire (and the electric vehicle 302 may no longer be able to receive power/services) after this deadline elapses.
  • the service voucher may also include an authorized maximum amount of time, money, energy.
  • the service voucher may indicate that 100 kWh of power should be provided to the electric vehicle 302 , that an amount of electric power equivalent to $10 should be provided to the electric vehicle 302 , etc.
  • the matching authorization unit 304 securely transmits the service voucher to the matched charging station 306 .
  • the matching authorization unit 304 can securely transmit the service voucher (or another suitable indication of electric vehicle authorization) to the matched charging station 306 when the matching authorization unit 304 has the service voucher for the electric vehicle 302 (received at stage E after the account authorization process is completed) and knowledge of the matched charging station 306 (after completing the service matching process at stage D). Additionally, the matching authorization unit 304 may also transmit a notification to the electric vehicle 302 identifying the matched charging station 306 that will provide the electric power.
  • the matched charging station 306 provides the authorized amount of electric power to the electric vehicle 302 in accordance with the service voucher.
  • the matched charging station 306 can close one or more power relays and provide the authorized amount of power to the electric vehicle 302 .
  • the matched charging station 306 can also provide a notification to the matching authorization unit 304 to indicate that power is being provided to the electric vehicle 302 .
  • the electric vehicle 302 can transmit an acknowledgement message to the matched charging station 306 .
  • the matched charging station 306 can suspend power transfer to the electric vehicle 302 and can notify the matching authorization unit 304 of a potential error.
  • the matched charging station 306 and/or the electric vehicle 302 may present one or more audio/visual notifications (e.g., a charging light, a beeping sound, etc.) to notify the user that the service is being provided to the electric vehicle 302 (e.g., that electric vehicle 302 is being charged).
  • the charging station 306 can enforce the limitations (if any) specified in the service voucher and can provide power to the electric vehicle 302 in accordance with the service voucher.
  • the received service voucher can indicate, to the matched charging station 306 , that the owner of the electric vehicle 302 will provide compensation for authorized services (indicated in the service voucher) provided by the charging station 306 .
  • the matched charging station 306 can stop providing power to the electric vehicle 302 if the matched charging station 306 detects that the electric vehicle 302 was unplugged. In another embodiment, the matched charging station 306 can stop providing power to the electric vehicle 302 if the matched charging station 306 detects that an authorized limit (specified in the service voucher) was reached. In another embodiment, the matched charging station 306 can stop providing power to the electric vehicle 302 in response to the electric vehicle 302 requesting power termination.
  • FIG. 3 describes the matching authorization unit 304 as a single entity that authenticates the electric vehicle 302 , determines a charging station 306 should provide the electric vehicle 302 with power, and forwards authorization information received from account authorization unit 312 to the matched charging station 306 , embodiments are not so limited.
  • the matching authorization unit 304 can be implemented in a distributed format.
  • the matching authorization unit 304 can include three (or more) distinct sub-units each of which execute one function of the matching authorization unit 304 .
  • the first sub-unit can authenticate the electric vehicle 302 and provide the electric vehicle 302 with the MAS information and/or a signing key.
  • the second sub-unit can determine, during the service matching process, which charging station 306 should provide power to the electric vehicle 302 .
  • the third sub-unit can accept authorization information from the account authorization unit 312 on behalf of the electric vehicle 302 and forward this authorization to the charging station 306 that was matched with the electric vehicle 302 .
  • the matching authorization unit 304 can determine which charging station should be matched with the electric vehicle 302 .
  • some/all of the charging stations can determine (in a distributed manner) which charging station should be matched with the electric vehicle 302 .
  • the charging stations 306 , 308 , and 310 can determine the signal/attenuation level and communicate this information to a designated charging station 310 .
  • the designated charging station 310 can determine which of the charging stations 306 , 308 , or 310 should be matched with the electric vehicle 302 .
  • the service voucher indicating account authorization can be provided to the matching authorization unit 304 .
  • Providing the service voucher to the matching authorization unit 304 (instead of waiting until the appropriate charging station is identified) can minimize delay and can ensure that the electric vehicle 302 receives the service (if authorized) as soon as possible.
  • the service voucher indicating account authorization can be provided to another suitable designated device (e.g., a predetermined charging station).
  • the service voucher indicating account authorization can be provided directly to the electric vehicle 302 .
  • the matching authorization unit 304 may also provide a notification of the matched charging station to the electric vehicle 302 . The electric vehicle 302 may then transmit the service voucher to the matched charging station.
  • FIG. 4 is a flow diagram 400 illustrating example operations of a matching authorization unit in a distributed client authentication and service authorization environment. The flow begins at block 402 .
  • a matching authorization unit of a local communication network receives security credentials associated with a customer device that connects to the local communication network.
  • the customer device can be an electric vehicle 302 (e.g., a plug-in electric vehicle (PEV)).
  • the customer device 302 can connect to the local communication network 300 that comprises one or more local service providers (e.g., the charging stations 306 , 308 , and 310 ) to receive power from one of the charging stations.
  • the customer device 302 can then provide its security credentials (e.g., a customer ID) to the matching authorization unit 304 .
  • one of the local service providers 310 in the local communication network 300 can be designated as the matching authorization unit 304 .
  • the matching authorization unit 304 may be another network device that is distinct from the local service providers 306 , 308 , and 310 .
  • the flow continues at block 404 .
  • the matching authorization unit 304 can determine whether the security credentials received from the electric vehicle 302 are valid and whether the electric vehicle 302 can be authenticated. If the matching authorization unit 304 determines that security credentials associated with the customer device are valid, the flow continues at block 408 . Otherwise, the flow continues at block 406 .
  • a communication channel is not established with the customer device if the security credentials received from the customer device are determined not to be valid.
  • the flow 400 moves from block 404 to block 406 if the matching authorization unit 304 is unable to authenticate the security credentials associated with the electric vehicle 302 .
  • the matching authorization unit 304 can determine not to establish a communication link with the electric vehicle 302 and can prevent the electric vehicle 302 from receiving power from any of the charging stations 306 , 308 , and 310 . From block 406 , the flow ends.
  • a secure communication channel is established with the customer device if the security credentials received from the customer device are determined to be valid.
  • the flow 400 moves from block 404 to block 408 after the matching authorization unit 304 authenticates the security credentials associated with the customer device. For example, as described above with reference to block 208 of FIG. 2 , the matching authorization unit 304 can establish a secure communication channel with the electric vehicle 302 .
  • the flow continues at block 410 .
  • MAS information information associated with the matching authorization unit
  • the matching authorization unit 304 can transmit the MAS information (e.g., identity, location, etc.) to the customer device 302 .
  • the matching authorization unit 304 may execute operations that are similar to the key distribution unit 104 of FIGS. 1-2 to determine the signing key unique to the customer device 302 .
  • the matching authorization unit 304 and the local service providers e.g., the charging stations
  • the matching authorization unit 304 can generate a temporary signing key based on the master key, the customer ID and one or more suitable parameters (e.g., a sequence number, a timestamp, a random number, a location, etc.). Any messages transmitted by the customer device 302 can be signed using this temporary signing key for identification of the customer device 302 .
  • the matching authorization unit 304 , the customer device 302 , and the local service providers 306 , 308 , 310 can use public key encryption to exchange messages during the local service matching process.
  • the customer device 302 can connect to the local communication network 300 and provide its public certificate to all the local service providers 306 , 308 , 310 and to the matching authorization unit 304 .
  • the customer device 302 can use a key based on the public certificate to sign all messages transmitted by the customer device 302 .
  • the matching authorization unit 304 (and the local service providers 306 , 308 , 310 ) can validate the received message based on this key. The flow continues at block 412 .
  • the matching authorization unit initiates a service matching process with the customer device.
  • the matching authorization unit 304 can execute the service matching process in conjunction with the customer device 302 and the local service providers 306 , 308 , and 310 .
  • the flow continues at block 414 .
  • the customer device is matched to one of the local service providers.
  • the matching authorization unit 304 identifies one of the local service providers 306 that should provide services to the customer device 302 .
  • the matching authorization unit 304 may identify the matched local service provider based on availability of local service providers, proximity of the local service providers to the customer device, compatibility of the local service providers with the customer device, etc.
  • the matching authorization unit 304 identifies one of the charging stations 306 that is matched to the electric vehicle 302 and that will provide power to the electric vehicle 302 .
  • the flow continues at block 416 .
  • a service voucher that indicates authentication of a payment account associated with the customer device is received from an account authorization unit.
  • the account authorization unit 312 of FIG. 3 can securely transmit the service voucher to the matching authorization unit 304 .
  • the service voucher can indicate an account balance available to the customer device 302 and authorized services that can be provided by the charging stations.
  • the service voucher may be a notification from the account authorization unit 312 that indicates that the payment account associated with the customer device 302 comprises sufficient funds to pay for the service.
  • the flow continues at block 418 .
  • the service voucher is provided to the matched local service provider to cause the matched local service provider to provide a service to the customer device.
  • the matching authorization unit 304 can securely transmit the service voucher to the matched local service provider 306 when the matching authorization unit 304 has the service voucher for the customer device 302 (received at block 416 after the account authorization process is completed) and knowledge of the matched local service provider 306 (after completing the service matching process at block 414 ).
  • the service voucher can also indicate limitations on the service that can be provided, based on characteristics and state of the payment account, characteristics of the local service provider, characteristics of the customer device, and permissions the customer has for the account. As described above with reference to FIG.
  • the matched local service provider 306 can provide the service (e.g., an authorized amount of power) to the customer device 302 in accordance with the received service voucher. From block 418 , the flow ends.
  • the service e.g., an authorized amount of power
  • the matching authorization unit 304 in addition to providing the service voucher to the matched charging station 306 , can also cause the matched charging station 306 to close its power relays on an appropriate power cable and to provide power to the electric vehicle 302 .
  • the matching authorization unit 304 can receive an acknowledgement message from the electric vehicle 302 after the matched charging station 306 begins providing power to the electric vehicle 302 .
  • the matching authorization unit 304 can forward the acknowledgement message received from the electric vehicle 302 to the matched charging station 306 .
  • the matching authorization unit 304 can notify the matched charging station 306 to not provide power to the electric vehicle 302 .
  • the matching authorization unit 304 may also prompt the electric vehicle 302 to disconnect from the local communication network 300 .
  • the matching authorization unit 304 can forward this notification to the account authorization unit 312 .
  • FIG. 5 is a flow diagram 500 illustrating example operations of a customer device in a distributed client authentication and service authorization environment.
  • the flow 500 begins at block 502 .
  • a customer device connects to a communication network and transmits security credentials to a matching authorization unit of the communication network.
  • the customer device can be an electric vehicle.
  • the electric vehicle 302 can detect activity on a pilot line after connecting to a charging station of a charging facility (e.g., the local communication network 300 ).
  • the electric vehicle 302 e.g., a communication unit 303 of the electric vehicle 302
  • the electric vehicle 302 can transmit “join request” messages on the communication network.
  • the electric vehicle 302 can receive a “join confirmation” message from one of the charging stations in the communication network.
  • the electric vehicle can join a network associated with that charging station.
  • the customer device 302 can then transmit identification information (e.g., a customer ID), an X.509v3 certificate with public keys bound to the customer ID, etc. to the matching authorization unit 304 of the local communication network 300 .
  • identification information e.g., a customer ID
  • X.509v3 certificate with public keys bound to the customer ID etc.
  • the flow continues at block 504 .
  • a secure communication channel is established with the matching authorization unit.
  • the matching authorization unit 304 can authenticate the customer device 302 and can establish the secure communication channel with the customer device 302 .
  • the secure communication link can be established using an X.509v3 certificate that includes an identifier of the customer device 302 . The flow continues at block 506 .
  • the customer device 302 e.g., the communication unit
  • the customer device 302 can receive a unique signing key (generated by the matching authorization unit 304 as described above in FIGS. 1-4 ) and other parameters that were used for generating the signing key.
  • the electric vehicle may also receive MAS information (e.g., an identifier or location of the matching authorization unit 304 ).
  • the customer device 302 may also receive one or more SLAC parameters (e.g., a number of service matching messages that should be transmitted to each local service provider, a maximum time interval for conducting the service matching process, etc.) to enable the customer device 302 to execute the service matching process in conjunction with the matching authorization unit 304 .
  • SLAC parameters e.g., a number of service matching messages that should be transmitted to each local service provider, a maximum time interval for conducting the service matching process, etc.
  • a secure communication channel is established with the account authorization unit and account authorization is requested.
  • the customer device 302 e.g., the communication unit
  • the account authorization unit 312 can authenticate the customer device 302 and can establish the secure communication channel with the customer device 302 .
  • the secure communication channel can be established using an X.509v3 certificate that includes an identifier of the customer device 302 .
  • the customer device 302 can also request that the account associated with the customer device 302 be authorized and that the authorization results be provided to the matching authorization unit 304 .
  • the flow continues at block 510 .
  • the matching service process is conducted with the local service providers and the matching authorization unit.
  • the customer device 302 e.g., the communication unit 303
  • the customer device 302 can transmit one or more service matching messages to each of the local service providers 306 , 308 , and 310 in the local communication network 300 .
  • the customer device 302 can sign each service matching message with the signing key (or another suitable key) received at block 506 and can also provide one or more parameters (if necessary) that were used to generate the signing key.
  • the matching authorization unit 304 can analyze signal/attenuation information received from the local service providers (based on the service matching messages) and can identify one of the local service providers that should provide service to the customer device. The flow continues at block 512 .
  • the electric vehicle 302 e.g., the communication unit
  • the electric vehicle 302 can detect that power is being provided by one of the charging stations 306 .
  • the flow continues at block 514 .
  • an acknowledgement for the received service is transmitted.
  • the electric vehicle 302 e.g., the communication unit 303
  • the acknowledgement for the received power e.g., to the local service provider 306 and/or to the matching authorization unit 304 .
  • the flow ends.
  • FIGS. 1-5 are examples meant to aid in understanding embodiments and should not be used to limit embodiments or limit scope of the claims.
  • Embodiments may comprise additional circuit components, different circuit components, and/or may perform additional operations, fewer operations, operations in a different order, operations in parallel, and some operations differently.
  • the customer device 302 identified in the service matching process in order for the account authorization process to execute in parallel with the service matching process, it may be required that the customer device 302 identified in the service matching process be inextricably bound to the customer device 302 identified in the account authorization process.
  • a unique customer ID that is bound to a public key in a public key certificate e.g., X.509v3
  • CA trusted certificate authority
  • the customer ID in a certificate used by the customer device 302 in the service matching process (e.g., to obtain the signing key, the MAS information, etc.) can be compared against the customer ID used by the customer device to obtain account authorization from the account authorization unit 312 , to ensure that they are identical.
  • simultaneous client authentication and account authorization in an electric vehicle charging environment, embodiments are not so limited. In other embodiments, the operations described herein for simultaneous client authentication and account authorization can be extended to other suitable operating environments (e.g., gaming environments).
  • aspects of the present inventive subject matter may be embodied as a system, method, or computer program product. Accordingly, aspects of the present inventive subject matter may take the form of an entirely hardware embodiment, a software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present inventive subject matter may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
  • a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for carrying out operations for aspects of the present inventive subject matter may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • LAN local area network
  • WAN wide area network
  • Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
  • These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • FIG. 6 is a block diagram of one embodiment of an electronic device 600 including a broadcast authentication and service matching mechanism in a communication network.
  • the communication network may be a public charging facility and the electronic device 600 may be a charging station or another suitable coordinator unit in the charging facility.
  • the electronic device 600 may be a desktop computer, a workstation, a server computer, or other electronic systems with wired communication capabilities (e.g., powerline communication capabilities) and/or wireless communication capabilities (e.g., WLAN communication capabilities).
  • the electronic device 600 includes a processor unit 602 (possibly including multiple processors, multiple cores, multiple nodes, and/or implementing multi-threading, etc.).
  • the electronic device 600 includes a memory unit 606 .
  • the memory unit 606 may be system memory (e.g., one or more of cache, SRAM, DRAM, zero capacitor RAM, Twin Transistor RAM, eDRAM, EDO RAM, DDR RAM, EEPROM, NRAM, RRAM, SONOS, PRAM, etc.) or any one or more of the above already described possible realizations of machine-readable media.
  • system memory e.g., one or more of cache, SRAM, DRAM, zero capacitor RAM, Twin Transistor RAM, eDRAM, EDO RAM, DDR RAM, EEPROM, NRAM, RRAM, SONOS, PRAM, etc.
  • the electronic device 600 also includes a bus 610 (e.g., PCI, ISA, PCI-Express, HyperTransport®, InfiniBand®, NuBus, AHB, AXI, etc.), and network interfaces 604 that include at least one of a wireless network interface (e.g., a Bluetooth interface, a WLAN 802.11 interface, a WiMAX interface, a ZigBee® interface, a Wireless USB interface, etc.) and a wired network interface (e.g., an Ethernet interface, a powerline communication interface, etc.).
  • a wireless network interface e.g., a Bluetooth interface, a WLAN 802.11 interface, a WiMAX interface, a ZigBee® interface, a Wireless USB interface, etc.
  • a wired network interface e.g., an Ethernet interface, a powerline communication interface, etc.
  • the electronic device 600 also includes a coordinator unit 608 .
  • the coordinator unit 608 comprises a key distribution unit 612 and a matching authorization unit 614 .
  • the key distribution unit 612 can execute operations described above with reference to FIGS. 1-2 to generate a signing key for a sender device (e.g., an electric vehicle) for easier verification of messages transmitted by the sender device.
  • the matching authorization unit 614 can execute operations described above with reference to FIGS.
  • FIG. 6 depicts the coordinator unit 608 as comprising both the key distribution unit 612 and the matching authorization unit 614 , embodiments are not so limited. In other embodiments, the coordinator unit 608 may only comprise the key distribution unit 612 that is configured to execute operations described above in FIGS. 1-2 for broadcast authorization of the sender device. In other embodiments, the coordinator unit 608 may comprise the matching authorization unit 614 that is configured to execute functionality described above in FIGS. 3-4 . In this embodiment, the matching authorization unit 614 may or may not execute the functionality of the key distribution unit 612 .
  • a customer device e.g., an electric vehicle
  • any one of these functionalities may be partially (or entirely) implemented in hardware and/or on the processor unit 602 .
  • the functionality may be implemented with an application specific integrated circuit, in logic implemented in the processor unit 602 , in a co-processor on a peripheral device or card, etc.
  • realizations may include fewer or additional components not illustrated in FIG. 6 (e.g., video cards, audio cards, additional network interfaces, peripheral devices, etc.).
  • the processor unit 602 , the memory unit 606 , and the network interfaces 604 are coupled to the bus 610 . Although illustrated as being coupled to the bus 610 , the memory unit 606 may be coupled to the processor unit 602 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Sustainable Energy (AREA)
  • Sustainable Development (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Power Engineering (AREA)
  • Transportation (AREA)
  • Mechanical Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Functionality for secure client authentication and service authorization in a shared communication network are disclosed. A managing network device of a communication network causes a securely connected client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more service providers of the communication network. The managing network device executes the service matching process and securely matches the client network device with one of the service providers. The accounting network device executes the account authorizing process with the client network device and provides a service voucher to the managing network device authorizing one or more of the service providers to service the client network device. The managing network device transmits the service voucher to the matched service provider to prompt the matched service provider to service the client network device.

Description

    RELATED APPLICATIONS
  • This application claims the priority benefit of U.S. Provisional Application No. 61/499,562 filed Jun. 21, 2011.
    • BACKGROUND
  • Embodiments of the inventive subject matter generally relate to the field of communication networks and, more particularly, to secure client authentication and service authorization in a shared communication network.
  • Electric vehicles typically charge from conventional power outlets or dedicated charging stations. Prior to receiving power from the charging stations, the charging station can ensure that the user of the electric vehicle has a valid account and proper authorization to receive the electric power and to pay for the received electric power.
    • SUMMARY
  • Various embodiments of a secure client authentication and service authorization mechanism in a shared communication network are disclosed. In some embodiments, a secure communication channel is established between a client network device and a managing network device of a communication network based, at least in part, on a client identifier of the client network device. The managing network device causes the client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of service providers of the communication network. The client network device is securely matched with a first of the plurality of service providers. A service voucher is securely received at the managing network device from the accounting network device authorizing one or more of the service providers of the communication network to service the client network device in response to the accounting network device executing the account authorizing process with the client network device. The service voucher is securely transmitted from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present embodiments may be better understood, and numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying drawings.
  • FIG. 1 is an example conceptual diagram of a broadcast authentication mechanism in a communication network;
  • FIG. 2 is a flow diagram illustrating example operations of a key distribution unit executing the broadcast authentication mechanism;
  • FIG. 3 is an example conceptual diagram of a distributed authentication mechanism in a communication network;
  • FIG. 4 is a flow diagram illustrating example operations of a matching authorization unit in a distributed client authentication and service authorization environment;
  • FIG. 5 is a flow diagram illustrating example operations of a customer device in a distributed client authentication and service authorization environment; and
  • FIG. 6 is a block diagram of one embodiment of an electronic device including a broadcast authentication and service matching mechanism in a communication network.
    •  DESCRIPTION OF EMBODIMENT(S)
  • The description that follows includes exemplary systems, methods, techniques, instruction sequences, and computer program products that embody techniques of the present inventive subject matter. However, it is understood that the described embodiments may be practiced without these specific details. For instance, although examples refer to executing operations (e.g., exchanging messages) for simultaneous client authentication and account authorization in a powerline communication (PLC) network, embodiments are not so limited. In other embodiments, the operations described herein for simultaneous client authentication and account authorization can be executed in other suitable shared communication networks (e.g., Ethernet over Coax (EoC), wireless local area networks (WLAN), such as IEEE 802.11 networks, etc.). In other instances, well-known instruction instances, protocols, structures, and techniques have not been shown in detail in order not to obfuscate the description.
  • When an electric vehicle connects to a charging facility that comprises multiple charging stations, an association between the electric vehicle and one of the charging stations may be established to enable the electric vehicle to receive power from the charging station. Because messages between the electric vehicle and the charging station may be exchanged (e.g., for authenticating the electric vehicle, etc.) via a shared communication medium, it may be possible for malicious users to intercept legitimate communications, transmit counterfeit messages, cause confusion at the charging station, and steal power intended for the electric vehicle. Traditional methods for authenticating broadcast messages transmitted by the electric vehicle rely on either the electric vehicle using a public key signature to sign each message or a key distributor providing a unique electric vehicle verification key to each of the charging stations over a secure connection. However, using a public key signature typically can require each charging station to perform expensive public key encryption/decryption operations to verify the authenticity of each received message. Also, distributing the electric vehicle verification key to each charging station can be costly in terms of the number of messages transmitted. Furthermore, the electric vehicle verification key may be transmitted to all the charging stations even though only a small subset of the charging stations may actually use the electric vehicle verification key to verify the messages from the electric vehicle.
  • In some embodiments, a broadcast authorization mechanism can be implemented in the charging facility to validate the electric vehicle and to ensure that the electric vehicle that transmitted a message is the same as the electric vehicle that is connected in the charging facility. In this embodiment, a key distributor and the charging stations of the charging facility can have a priori knowledge of a master key. The key distributor can determine a unique vehicle verification key for the electric vehicle based on a vehicle identifier (ID) and one or more other parameters (e.g., sequence number, timestamp, location, random number, etc.). The electric vehicle can sign messages (transmitted from the electric vehicle) using the vehicle verification key and can also provide the vehicle ID and the one or more other parameters (in the transmitted message). Based on the charging station's knowledge of the master key, the received vehicle ID, and the other received parameters, the charging station can derive the vehicle verification key and authenticate the received message. Such a broadcast authentication mechanism can enable secure communications between the electric vehicle and the charging stations, and can enable the charging stations to authenticate transmissions from the electric vehicle without expensive computations and without exchanging a large number of messages.
  • Additionally, whether an electric vehicle receives power at a charging facility may be contingent on two factors—1) identification of the charging station that should provide power to the electric vehicle (“service matching”) and 2) authorization of a payment account (“account authorization”) associated with the electric vehicle (e.g., determining whether the electric vehicle can pay for the received power). Identifying the charging station may be a local decision. However, authorizing the payment account may involve communicating with a remote account authorization unit (e.g., via the Internet) and this can incur communication latencies. Traditional authorization mechanisms are sequential where the charging station that should provide power to the electric vehicle is not identified until the payment account associated with the electric vehicle is authorized. Communication latencies and network latencies can result in the user of the electric vehicle having to wait for a significant amount of time between connecting the electric vehicle to the charging facility and the electric vehicle receiving power.
  • In some embodiments, a distributed authorization architecture can be implemented to minimize latency between the time instant when the electric vehicle connects to the charging facility and the time instant when the electric vehicle receives power. In accordance with the distributed authorization architecture, the service matching process and the account authorization process may be executed in parallel. In some embodiments, when the electric vehicle plugs into the charging facility, a local matching authorization unit can initiate the service matching process for the electric vehicle and can prompt a remote account authorization unit to initiate the account authorization process for the electric vehicle. The matching authorization unit can match the electric vehicle to one of the charging stations (“matched charging station”). Once the account authorization process is completed, the matching authorization unit can receive a service voucher (e.g., indicating whether the account was authorized, the type and amount of power that can be provided to the electric vehicle, etc.) from the account authorization unit. The matching authorization unit can provide the service voucher to the matched charging station and can cause the matched charging station to provide power to the electric vehicle in accordance with the service voucher. Such a distributed authorization architecture where the service matching process executes in parallel with the account authorization process can reduce the latency between the electric vehicle connecting to the charging facility and receiving electric power.
  • FIG. 1 is an example conceptual diagram of a broadcast authentication mechanism in a communication network 100. In FIG. 1, the communication network 100 comprises an electric vehicle 102, a key distribution unit 104, and charging stations 110, 112, and 114. The electric vehicle 102 comprises a communication unit 103. The communication unit 103 can implement protocols and functionality to enable the electric vehicle 102 to communicate with the key distribution unit 104 and one or more of the charging stations 110, 112, and 114 in the communication network 100. The key distribution unit 104 comprises a key generation unit 106 and a transceiver unit 108. In some embodiments, the communication network 100 can be a shared communication network (e.g., a powerline communication (PLC) network). In other embodiments, the communication network 100 can be other suitable types of networks (e.g., Ethernet over Coax (EoC), wireless local area networks (WLAN), such as IEEE 802.11 networks, etc.). All the charging stations 110, 112, and 114 and the key distribution unit 104 may be trusted entities with respect to each other. The key distribution unit 104 and the charging stations 110, 112, and 114 can be communicatively coupled using wireless communication protocols (e.g., WLAN, Bluetooth, etc.) or using wired communication protocols (e.g., PLC, Ethernet, etc.).
  • At stage A, the electric vehicle 102 connects to the communication network 100 and provides security credentials to the key distribution unit 104. In some embodiments, the electric vehicle 102 (e.g., the communication unit 103) may transmit a vehicle identifier (ID). In other embodiments, the electric vehicle 102 may also provide other suitable security credentials (e.g. an X.509v3 certificate with public keys bound to the vehicle ID) to the key distribution unit 104. In some embodiments, as depicted in FIG. 1, the key distribution unit 104 may be another network device (e.g., a managing network device or a coordinator device) that is distinct from the charging stations 110, 112, and 114. In another embodiment, one of the charging stations in the communication network 100 can be designated as the key distribution unit 104. As will be further described below, the key distribution unit 104 can use the vehicle ID and other suitable information to generate a signing key that can be used by the electric vehicle 102 for transmitting messages and by the charging stations for verifying the authenticity of messages received from the electric vehicle 102.
  • At stage B, the key distribution unit 104 establishes a secure communication link with the electric vehicle 102 after validating the security credentials received from the electric vehicle 102, as will be further described in blocks 204-208 of FIG. 2.
  • At stage C, the key generation unit 106 generates a temporary sender signing key based, at least in part, on the received security credentials and a master key associated with the key distribution unit. For example, the key generation unit 106 can generate the temporary sender signing key based, at least in part, on the vehicle ID received at stage A and the master key. The master key may be known to the key generation unit 106 and to all the charging stations 110, 112, and 114 in the communication network 100. In one embodiment, the key generation unit 106 can generate the master key and can distribute the master key to all the charging stations 110,112, and 114 in the communication network 100. In another embodiment, one of the charging stations 110 can generate the master key and can distribute the master key to the key generation unit 106 and to the other charging stations 112 and 114. In another embodiment, a subset of the charging stations (which may or may not include the key generation unit 106) may generate the master key. In another embodiment, the master key may be predetermined and provided (e.g., input by a network administrator during an installation process, hardcoded during a manufacturing process, etc.) to the key generation unit 106 and to the charging stations 110, 112, and 114.
  • In some embodiments, the key generation unit 106 can use a keyed one-way hash function (H) to generate the temporary sender signing key. The key generation unit 106 can use the master key as a key for the hash function. The input to the hash function can be the security credentials associated with the electric vehicle 102 (e.g., vehicle ID). In some embodiments, the input to the hash function can be a concatenation (or another combination) of the vehicle ID and one or more other parameters (e.g., a sequence number, a timestamp, a random value, a location identifier, etc.). The key generation unit 106 may increment the sequence number each time the key generation unit 106 distributes a new temporary sender signing key to the electric vehicle 102. The timestamp may include a start time and an end time for which the temporary sender signing key is valid. Combining the vehicle ID with one or more other parameters (e.g., the sequence number, the timestamp, the random value, the location identifier, etc.) can prevent spoofing attacks. It should be noted that the temporary sender signing key is unique to the electric vehicle, so that the charging stations 110, 112, and 114 can uniquely associate the messages sent by a particular electric vehicle with that electric vehicle.
  • At stage D, the electric vehicle 102 uses the temporary sender signing key to sign messages scheduled to be transmitted to the charging stations 110, 112, 114. The messages transmitted to the charging stations 110, 112, and 114 can include the vehicle ID and the one or more other parameters that were used by the key generation unit 106 to generate the temporary sender signing key (e.g., the sequence number, the timestamp, the random value, the location identifier, etc.). The electric vehicle 102 may not transmit the temporary sender signing key to the charging stations 110, 112, and 114. The electric vehicle 102 (e.g., the communication unit 103) can sign the message using the temporary sender signing key to enable the charging stations 110, 112, and 114 to identify and validate the electric vehicle 102. For example, each message can comprise a message authentication code (MAC) that is based on the temporary sender signing key and the content of the message. It should be noted that in some embodiments, the electric vehicle 102 (e.g., the communication unit 103) can broadcast the messages to all the charging stations 110, 112, and 114, as depicted in FIG. 1. In other embodiments, the electric vehicle 102 can broadcast the messages to one (or a subset) of the charging stations 110, 112, and 114.
  • At stage E, the charging station 110 can validate the message received from the electric vehicle 102 based, at least in part, on information in the received message and the master key. For example, the charging station 110 (and also the charging stations 112 and 114) can verify the message authentication code in the received message by performing the same operations as the key generation unit 106 (described in stage C) using the information provided by the electric vehicle 102 in the message (e.g., the vehicle ID, sequence number, the timestamp, the random value, the location identifier, etc.) and the master key known to the charging station 110. This can enable the charging station 110 to verify the signature in the received message without obtaining additional information from the key distribution unit 104.
  • FIG. 2 is a flow diagram (“flow”) 200 illustrating example operations of a key distribution unit executing the broadcast authentication mechanism. The flow begins at block 202.
  • At block 202, a key distribution unit of a communication network receives security credentials associated with a network device (“sender device”) that connects to the communication network. In one embodiment, the sender device can be a plug-in electric vehicle (PEV). With reference to the example of FIG. 1, the electric vehicle 102 can connect to the communication network 100 that comprises one or more charging stations 110, 112, and 114 to receive electric power from one of the charging stations. The electric vehicle 102 can then provide its security credentials (e.g., a sender ID) to the key distribution unit 104. The key distribution unit 104 may be one of the charging stations or may be distinct from the charging stations. The flow continues at block 204.
  • At block 204, it is determined whether the security credentials received from the sender device are valid. For example, the key distribution unit 104 can determine whether the security credentials received from the electric vehicle 102 are valid and whether the electric vehicle 102 can be authenticated. If the key distribution unit 104 determines that security credentials associated with the electric vehicle are valid, the flow continues at block 208. Otherwise, the flow continues at block 206.
  • At block 206, a communication channel is not established with the sender device if the security credentials associated with the electric vehicle are determined not to be valid. The flow 200 moves from block 204 to block 206 if the key distribution unit 104 is unable to authenticate the security credentials associated with the electric vehicle 102. In this instance, the key distribution unit 104 can determine not to establish a communication channel with the electric vehicle 102. If the key distribution unit 104 does not establish the communication channel with the electric vehicle 102, this can indicate that the electric vehicle 102 will not be permitted to receive power from any of the charging stations 110, 112, and 114 in the communication network 100. The key distribution unit 104 may also present a notification (e.g., audio, visual, and/or text notification) to the electric vehicle 102 indicating the inability to establish the communication channel with the electric vehicle 102. From block 206, the flow ends.
  • At block 208, a secure communication channel is established with the sender device if the security credentials associated with the electric vehicle are determined to be valid. The flow 200 moves from block 204 to block 208 after the key distribution unit 104 authenticates the security credentials associated with the electric vehicle 102. For example, the key distribution unit 104 can exchange one or more security handshake messages to establish the secure communication channel with the electric vehicle 102. As will be further described below, the key distribution unit 104 can exchange one or more messages with the electric vehicle 102 via the secure communication channel to generate a sender signing key that is unique to the electric vehicle 102. The electric vehicle 102 can then use the sender signing key to communicate with the charging stations 110, 112, and 114 in the communication network 100. The flow continues at block 210.
  • At block 210, a temporary sender signing key is generated based, at least in part, on the security credentials associated with the sender device and a master key associated with the key distribution unit. For example, the key generation unit 106 (of the key distribution unit 104) can generate the temporary sender signing key based, at least in part, on the sender ID received at block 202 and the master key. As described above, the key generation unit 106 and the charging stations 110, 112, and 114 may have a priori knowledge of the master key. As described above at stage C of FIG. 1, various embodiments can use employed to determine/provide the master key to the key generation unit 106 and the charging stations 110,112, and 114. In some embodiments, the key generation unit 106 can use a keyed one-way hash function on the master key, the security credentials (sender ID) associated with the electric vehicle 102, and one or more other parameters (e.g., a sequence number, a timestamp, a random value, a location identifier, etc.) to generate the temporary sender signing key. Because the temporary sender signing key is unique to the electric vehicle 102, charging stations can uniquely associate the messages sent by a particular electric vehicle with that electric vehicle 102. The flow continues at block 212.
  • At block 212, the temporary sender signing key is transmitted to the sender device via the secure communication channel. For example, the key distribution unit 104 can transmit (e.g., via the transceiver unit 108) the temporary sender signing key to the electric vehicle 102 via the secure communication channel. In some embodiments, the key distribution unit 104 can also transmit the sequence number, the timestamp, the random value, the location identifier, and other parameters that were used to generate the temporary sender signing key. However, the key distribution unit 104 may not transmit the master key to the electric vehicle 102. As described above with reference to FIG. 1, the electric vehicle 102 can use the temporary sender signing key to sign all messages that it broadcasts to the charging stations 110, 112, and 114 so that the charging station (that receives the messages) can easily verify the authenticity of the received messages. From block 212, the flow ends.
  • Although FIGS. 1 and 2 describe the key distribution unit 104 transmitting the temporary sender signing key to the sender device (e.g., the electric vehicle 102) via an insecure medium over which a secure communication channel has been established, embodiments are not so limited. In other embodiments, the key distribution unit 104 can use an alternate secure communication channel, or a secure, out-of-band means of transmitting the temporary sender signing key to the sender device 102 to minimize the possibility of interception. The key distribution unit 104 may transmit the temporary sender signing key to the sender device 102 via a different communication medium, a separate waveguide, or a different communication band that is less susceptible to interception. In other embodiments, the key distribution unit 104 can use public key encryption techniques (or other suitable encryption techniques) to securely transmit the temporary sender signing key to the sender device 102.
  • Although stage D in FIG. 1 describes the sender device (e.g., the electric vehicle 102) transmitting the message including the sender ID and the other parameters used to generate the temporary sender signing key (e.g., the sequence number, the timestamp, the random number, the location, etc.), embodiments are not so limited. In some embodiments, the size of the message transmitted by the sender device 102 may not be large enough to accommodate all the parameters that were used to generate the temporary sender signing key. In this embodiment, the sender device 102 can transmit the parameters that were used to generate the temporary sender signing key (e.g., the sender ID, the sequence number, the timestamp, the random number, the location, etc.) in one or more separate initialization messages. The sender device 102 may only include the sender ID and sequence number in subsequent messages (along with the message content). The receiver device (e.g., the charging station 110) can derive the temporary sender signing key unique to the sender device 102 from the information provided in the initialization messages. For each sender device 102, the receiver device 110 can store the derived temporary sender signing key, the sender ID, and the sequence number. The receiver device 110 can look up the previously derived temporary sender signing key based on the sender ID and sequence number received in subsequent messages. The inclusion of the sequence number in the subsequent messages can ensure that the temporary sender signing key associated with the sender device 102 is current (e.g., since the sequence number is incremented each time the sender device 102 receives a new temporary sender signing key).
  • In some embodiments, the sender device (e.g., the electric vehicle 102) can also transmit a message counter in each message to minimize the possibility of replay attacks. The sender device 102 can also use the message counter to compute the message authentication code associated with the message. The receiver device (e.g., the charging station 110) can receive messages from the sender device 102 and can store the most recently received message counter value. The receiver device 110 can discard any received messages with a message counter value that is less than or equal to the largest message counter value received in a verified message from the sender device 102. In some embodiments, if the message from the sender device 102 includes a timestamp value and an expiration time, then the receiver device 110 can discard information about the temporary signing key (including the message counter, the sequence number, location, etc.) after the expiration time is reached.
  • In one example, the sender device 102 may be a plug-in electric vehicle (PEV) that connects to one of the charging stations (also known as an electric vehicle supply equipment or EVSE) in a charging facility. The PEV may connect to the charging station via a charging cable. The charging stations, the PEV, and the key distribution unit may be coupled via a powerline communication channel (or another suitable shared communication medium). Accordingly, multiple charging stations may receive the PEV's transmissions and may try to determine the identity of the PEV transmitting each message. In this example, the charging cable that connects the PEV and the charging station may have a control pilot line. The PEV and the charging station can exchange low-speed, secure communications via the control pilot line of the charging cable. In some embodiments, the key distribution unit 104 can provide the electric vehicle 102 with the temporary sender signing key via the control pilot line. Other communications can be conducted over the same control pilot line but in a different communication band, or over different lines (e.g., the power lines).
  • Although FIGS. 1 and 2 describe the key distribution unit 104 generating a temporary sender signing key based on a hash value of the sender ID and/or one or more other parameters (e.g., a sequence number, a location, a random number, a timestamp, etc.), embodiments are not so limited. In other embodiments, other suitable mechanisms can be used to generate the sender signing key. For example, the public key encryption methods can be used and the sender signing key may be a public encryption key. Furthermore, in some embodiments, the sender signing key may not be temporary. Instead, the sender signing key may be any suitable sender-specific key that is assigned to the sender device 102 when the sender device 102 connects to the communication network 100. The sender device 102 can then sign messages (prior to transmitting the messages) with the sender-specific key.
  • FIG. 3 is an example conceptual diagram of a distributed authentication mechanism in a communication network. In FIG. 3, a local communication network 300 comprises an electric vehicle 302, a matching authorization unit 304, and charging stations 306, 308, and 310. The local communication network 300 is also coupled to an account authorization unit 312 which may be at a remote location (e.g., on another communication network). The electric vehicle 302 comprises a communication unit 303. The communication unit 303 can implement protocols and functionality to enable the electric vehicle 302 to communicate with the matching authorization unit 304, the account authorization unit 312, and one or more of the charging stations 306, 308, and 310. In some embodiments, the local communication network 300 can be a shared communication network (e.g., a powerline communication network). All the charging stations 306, 308, and 310 and the matching authorization unit 304 may be trusted entities with respect to each other. The charging stations 306, 308, and 310 and the matching authorization unit 304 can be communicatively coupled using wireless communication protocols (e.g., WLAN, Bluetooth, etc.) or using wired communication protocols (e.g., PLC, Ethernet, etc.). The matching authorization unit 304 can perform three types of functions—1) authenticating the electric vehicle 302 and providing the electric vehicle 302 with a signing key for secure communication, 2) executing a service matching process for determining which charging station should provide power to the electric vehicle 302, and 3) accepting authorization information from the account authorization unit 312 on behalf of the electric vehicle 302 and forwarding this authorization to the charging station that was matched with the electric vehicle 302. Furthermore, it is noted that in some embodiments, as depicted in FIG. 3, the matching authorization unit 304 may be another network device (e.g., a managing network device or a coordinator device) that is distinct from the charging stations 306, 308, and 310. In another embodiment, one of the charging stations in the local communication network 300 can be designated as the matching authorization unit 304.
  • In some embodiments, after the electric vehicle 302 (e.g., a plug-in electric vehicle (PEV)) plugs into a charging facility (e.g., connects to a charging station or EVSE 306), a control pilot line transmission (CPLT) line associated with the electric vehicle 302 can be activated. The electric vehicle 302 (e.g., a PEV-EVSE matching protocol layer) can determine (e.g., via the CPLT line) that the CPLT line associated with the electric vehicle 302 is active. Additionally, the charging station 306 also can determine that an unmatched electric vehicle 302 is connected to the charging station 306 by detecting that the CPLT line associated with the electric vehicle 302 is activated. In some embodiments, the charging station 306 can transmit a notification to the matching authorization unit 304 indicating that an unmatched electric vehicle 302 is connected to the charging station 306. In some embodiments, the charging station 306 and the electric vehicle 302 can also exchange information needed for electric vehicle 302 to join the charging station's network. For example, the electric vehicle 302 could provide a vehicle identifier, information about supported communication protocols, etc. to the charging station 306. In one example, the charging station 306 can be associated with a powerline communication (PLC) network and can provide a charging station identifier, network information, supported PLC protocols (e.g., Green PHY, HomePlug AV, etc.), and other suitable information to enable the electric vehicle 302 to join the charging station's PLC network. After the electric vehicle 302 joins the charging station's network, the electric vehicle (e.g., upper protocol layers of the electric vehicle) can use dynamic host control protocol (DHCP) to determine IP addresses, router interfaces, domain name server (DNS) information, and other suitable information for communicating with the matching authorization unit 304 and the account authorization unit 312. As will be further described below in stages A-F, the electric vehicle 302 can communicate with the matching authorization unit 304 and the account authorization unit 312 in parallel to enable simultaneous service matching and account authorization.
  • At stage A, the electric vehicle 302 (e.g., the communication unit 303) provides security credentials to the matching authorization unit 304. In some embodiments, the electric vehicle 302 may transmit a customer ID. In other embodiments, the electric vehicle 302 may also provide other suitable security credentials bound to the customer ID (e.g. an X.509v3 certificate with public keys bound to the customer ID) to the matching authorization unit 304. In some embodiments, after the electric vehicle 302 connects to the network associated with the charging station 306, a PEV-EVSE matching protocol layer an prompt the upper protocol layers of the electric vehicle to communicate with the matching authorization unit 304. In one example, the electric vehicle 302 (e.g., PEV upper protocol layers) can use a known URL that references the matching authorization unit 304. In some embodiments, the URL used by the electric vehicle 302 to access the matching authorization unit 304 may be intercepted and locally redirected (to the matching authorization unit 304) by a network address translator or a local domain name server.
  • At stage B, the matching authorization unit 304 establishes a secure communication channel with the customer device (e.g., electric vehicle) 302 after validating the security credentials received from the electric vehicle 302. The matching authorization unit 304 can authenticate the electric vehicle 302 and establish a communication channel for securely communicating with the electric vehicle 302 based on the customer ID and other security credentials associated with the electric vehicle 302 (e.g., a public encryption key, a X.509v3 certificate with public keys bound to the customer ID).
  • At stage C, the electric vehicle 302 (e.g., the communication unit 303) receives the information associated with the matching authorization unit 304 (“MAS information”) and provides the MAS information and the security credentials bound to the customer ID to the account authorization unit 312. In some embodiments, the MAS information provided by the matching authorization unit 304 can include MAS identity information, MAS location information, etc. The MAS identity information can be an identifier that is mapped to an IP address of the matching authorization unit 304. In some embodiments, the matching authorization unit 304 can also generate a temporary signing key that is unique to the electric vehicle 302 based, at least in part, on a secure hash of the customer ID, a master key, and one or more other parameters (e.g., a sequence number, a random number, a timestamp, etc.), as described above with reference to FIGS. 1-2. In addition to providing the MAS information to the electric vehicle 302, the matching authorization unit 304 may also provide the temporary signing key and the one or more parameters (except the master key) used for generating the temporary signing key to the electric vehicle 302, as described above in FIGS. 1-2. In this embodiment, the matching authorization unit 304 may comprise the key distribution unit 104 of FIG. 1 for generating the temporary signing key as described above in FIGS. 1-2. Alternately, the matching authorization unit 304 may itself execute the functionality described above in FIGS. 1-2 for generating the temporary signing key associated with the electric vehicle 302. Alternately, the matching authorization unit 304 may access a distinct key distribution unit 104 and can request the key distribution unit 104 to generate the temporary signing key for the electric vehicle 302. The matching authorization unit 304 can then provide this temporary signing key to the electric vehicle 302. In other embodiments, the matching authorization unit 304 may not generate the temporary signing key but may instead use a public encryption key for secure communication with the electric vehicle 302.
  • In response to receiving the MAS information, the electric vehicle 302 (e.g., the communication unit 303) can initiate the account authorization process with the account authorization unit 312 by using a known URL that references the account authorization unit. In some embodiments, the electric vehicle (or “customer device”) 302 and the account authorization unit 312 can establish a secure communication channel using an X.509v3 certificate associated with the customer device 302. Additionally, the electric vehicle 302 can provide the customer ID and the MAS information to the account authorization unit 312 via the established secure communication channel. While the account authorization unit 312 is executing the account authorization process with the electric vehicle 302, the electric vehicle 302 can execute the service matching process with the matching authorization unit 304. In other words, as will be further discussed below, the account authorization process (e.g., for determining whether the payment account associated with the electric vehicle 302 has sufficient funds to pay for the electric power) can be performed in parallel with the service matching process (e.g., to identify the charging station that is best suited for providing the electric power to the electric vehicle 302). Since account authorization may not depend on which of the charging stations will provide electric power to the electric vehicle 302, the account authorization process can be executed in parallel with the service matching process. This can reduce latency between the electric vehicle 302 joining the local communication network 300 and receiving the electric power from the charging station.
  • At stage D, the matching authorization unit 304 executes the service matching process and matches the electric vehicle 302 with a charging station 306 in the local communication network 300. As described above, the account authorization unit 312 may be remote and communication between the account authorization unit 312 and the matching authorization unit 304 may incur long latencies. The service matching process may be executed locally, and therefore the matching authorization unit 304 may initiate the service matching process without account authorization (e.g., before the account authorization unit 312 determines whether the payment account has sufficient funds to pay for the services). Initiating the service matching process before account authorization process is completed can reduce latency between the electric vehicle 302 connecting to the network and receiving the electric power.
  • In some embodiments, as part of the service matching process, the matching authorization unit 304 may cause the electric vehicle 302 (e.g., the communication unit 303) to execute a signal level attenuation characteristics (SLAC) protocol with the local charging stations 306, 308, and 310. To enable the electric vehicle 302 to execute the SLAC protocol, the matching authorization unit 304 can transmit one or more SLAC parameters to the electric vehicle 302 (e.g., along with the MAS information at stage C). The SLAC parameters can indicate a number of service matching messages (e.g., sound tones) that should be transmitted to the local charging stations 306, 308, and 310, and a timeout interval for executing the SLAC protocol. The number of service matching messages may be determined based on a number of cables associated with the charging stations, a number of cable harnesses, a maximum number of switch states associated with the charging stations, the type of charging stations, the type of electric vehicle, local noise, and other such factors. In some embodiments, the number of service matching messages (as indicated by the matching authorization unit 304) can also take into consideration that some service matching messages may not be detected or missed. In some embodiments, the timeout interval for executing the SLAC protocol can be determined based, at least in part, on a number of electric vehicles in the local communication network 300, noise levels detected at the charging stations, cable configurations of the charging stations, etc. The matching authorization unit 304 can start a timer based on the timeout interval for SLAC protocol. In some embodiments, when the electric vehicle 302 receives the SLAC parameters from the matching authorization unit 304, the electric vehicle 302 can initiate operations for executing the SLAC protocol (i.e., without waiting for account authorization from the account authorization unit 312). The electric vehicle 302 can transmit one or more initialization messages (e.g., using multi-network broadcast communications (MNBC)) to indicate that operations for the SLAC protocol will begin. These initialization messages can also include the timeout interval and the number of service matching messages that will be transmitted in accordance with the SLAC protocol. The electric vehicle 302 can transmit the service matching messages using multi-network broadcast communications. In some embodiments, if the matching authorization unit 304 generated a unique signing key for the electric vehicle 302 (in accordance with the operations of FIGS. 1-2), the service matching messages can include a message authentication code that is generated based on a one-way hash of the message content, the signing key, a sequence number, and a message counter. The value of the message counter may be decremented as each service matching message is transmitted. Each service matching message can also include the customer ID, the sequence number, the message counter, and other parameters that were used to generate the signing key. It should be noted that, in other embodiments, the service matching messages may be signed using a key based on a public certificate, or another suitable vehicle-specific key. In some embodiments, after the electric vehicle 302 transmits a first service matching message, the electric vehicle 302 may wait for a predetermined time interval before transmitting a second service matching message.
  • Each charging station 306 that receives the service matching message can determine signal level information (or attenuation information) based on the received service matching message and a time instant at which the service matching message was received (e.g., a receive timestamp). In some embodiments, only the charging stations 306 that are not currently matched with another electric vehicle may process the received service matching messages. The charging station 306 can use the information received in the service matching message in conjunction with the master key to derive the signing key associated with the electric vehicle 302. The charging station 306 can then use the signing key to authenticate the received service matching messages. After the last service matching message is received (or after the timeout interval expires), the charging station 306 can provide SLAC results for each authenticated service matching message (e.g., the signal level information, the attenuation information, the receive timestamp, etc.) to the matching authorization unit 304. After the matching authorization unit 304 receives the SLAC results from all the charging stations (or after the timeout interval elapses), the matching authorization unit 304 selects one of the charging stations with the best performance to provide electric power to the customer device 302. For example, the matching authorization unit 304 may analyze the SLAC results and may determine that the charging station 306 that received the service matching message with the highest signal level should provide electric power to the electric vehicle 302. As another example, the matching authorization unit 304 may determine that the charging station 306 that received the service matching message with the smallest latency should provide electric power to the electric vehicle 302. However, in some implementations, the matching authorization unit 304 may not notify the charging station 306 of the results of the service matching process until the account authorization process is completed and the payment account associated with the electric vehicle 302 has been authorized.
  • At stage E, the account authorization unit 312 completes the account authorization process and securely transmits a service voucher for the authorized services from one of the charging stations. The account authorization process can comprise operations for authenticating a customer account (e.g., a payment account) associated with the electric vehicle 302 (e.g., for which a user of the electric vehicle 302 has appropriate access permissions). The account authorization unit 312 can verify the account associated with the electric vehicle 302 based on the customer ID and other security credentials associated with the electric vehicle (e.g., an X.509v3 certificate with public keys bound to the customer ID). As part of the account authorization process, it may also be determined whether the payment account associated with the electric vehicle 302 has sufficient funds to provide compensation for the electric power that will be provided by one of the charging stations. After completing the account authorization process, the account authorization unit 312 can transmit (to the matching authorization unit 304) a service voucher including the results of the account authorization process.
  • The service voucher generated by the account authorization unit 312 can indicate whether the electric vehicle 302 has the appropriate authorization to receive the electric power, according the account characteristics and the permissions. The service voucher can also indicate limitations on the service (e.g., how much electric power, etc.) that can be provided be the charging station based on characteristics and state of the account, characteristics of the charging station, characteristics of the electric vehicle 302, and the permissions associated with the account. The service voucher may also comprise the customer ID associated with the electric vehicle 302. In some embodiments, the service voucher can indicate a deadline by which the service matching process should be completed. The service voucher may expire (and the electric vehicle 302 may no longer be able to receive power/services) after this deadline elapses. In some embodiments, the service voucher may also include an authorized maximum amount of time, money, energy. For example, the service voucher may indicate that 100 kWh of power should be provided to the electric vehicle 302, that an amount of electric power equivalent to $10 should be provided to the electric vehicle 302, etc.
  • At stage F, the matching authorization unit 304 securely transmits the service voucher to the matched charging station 306. The matching authorization unit 304 can securely transmit the service voucher (or another suitable indication of electric vehicle authorization) to the matched charging station 306 when the matching authorization unit 304 has the service voucher for the electric vehicle 302 (received at stage E after the account authorization process is completed) and knowledge of the matched charging station 306 (after completing the service matching process at stage D). Additionally, the matching authorization unit 304 may also transmit a notification to the electric vehicle 302 identifying the matched charging station 306 that will provide the electric power.
  • At stage G, the matched charging station 306 provides the authorized amount of electric power to the electric vehicle 302 in accordance with the service voucher. For example, the matched charging station 306 can close one or more power relays and provide the authorized amount of power to the electric vehicle 302. In some embodiments, the matched charging station 306 can also provide a notification to the matching authorization unit 304 to indicate that power is being provided to the electric vehicle 302. In some embodiments, after the electric vehicle 302 detects receipt of power from the matched charging station 306, the electric vehicle 302 can transmit an acknowledgement message to the matched charging station 306. In some embodiments, if the matched charging station 306 does not receive an acknowledgement within a predetermined acknowledgment time interval, the matched charging station 306 can suspend power transfer to the electric vehicle 302 and can notify the matching authorization unit 304 of a potential error. After receiving the acknowledgement, the matched charging station 306 and/or the electric vehicle 302 may present one or more audio/visual notifications (e.g., a charging light, a beeping sound, etc.) to notify the user that the service is being provided to the electric vehicle 302 (e.g., that electric vehicle 302 is being charged). The charging station 306 can enforce the limitations (if any) specified in the service voucher and can provide power to the electric vehicle 302 in accordance with the service voucher. The received service voucher can indicate, to the matched charging station 306, that the owner of the electric vehicle 302 will provide compensation for authorized services (indicated in the service voucher) provided by the charging station 306.
  • In some embodiments, as described above, if the matched charging station 306 does not receive an acknowledgement from the electric vehicle 302 within a predetermined time interval (after the matched charging station 306 starts providing power), the matched charging station 306 can stop providing power to the electric vehicle 302. In other embodiments, the matched charging station 306 can stop providing power to the electric vehicle 302 if the matched charging station 306 detects that the electric vehicle 302 was unplugged. In another embodiment, the matched charging station 306 can stop providing power to the electric vehicle 302 if the matched charging station 306 detects that an authorized limit (specified in the service voucher) was reached. In another embodiment, the matched charging station 306 can stop providing power to the electric vehicle 302 in response to the electric vehicle 302 requesting power termination.
  • It should be understood that although FIG. 3 describes the matching authorization unit 304 as a single entity that authenticates the electric vehicle 302, determines a charging station 306 should provide the electric vehicle 302 with power, and forwards authorization information received from account authorization unit 312 to the matched charging station 306, embodiments are not so limited. In other embodiments, the matching authorization unit 304 can be implemented in a distributed format. For example, the matching authorization unit 304 can include three (or more) distinct sub-units each of which execute one function of the matching authorization unit 304. For example, the first sub-unit can authenticate the electric vehicle 302 and provide the electric vehicle 302 with the MAS information and/or a signing key. The second sub-unit can determine, during the service matching process, which charging station 306 should provide power to the electric vehicle 302. The third sub-unit can accept authorization information from the account authorization unit 312 on behalf of the electric vehicle 302 and forward this authorization to the charging station 306 that was matched with the electric vehicle 302.
  • In some embodiments, as described in FIG. 3, the matching authorization unit 304 can determine which charging station should be matched with the electric vehicle 302. However, in other embodiments, some/all of the charging stations can determine (in a distributed manner) which charging station should be matched with the electric vehicle 302. For example, in response to receiving the service matching messages from the electric vehicle 302, the charging stations 306, 308, and 310 can determine the signal/attenuation level and communicate this information to a designated charging station 310. The designated charging station 310 can determine which of the charging stations 306, 308, or 310 should be matched with the electric vehicle 302.
  • In some embodiments, as described with reference to FIG. 3, the service voucher indicating account authorization can be provided to the matching authorization unit 304. Providing the service voucher to the matching authorization unit 304 (instead of waiting until the appropriate charging station is identified) can minimize delay and can ensure that the electric vehicle 302 receives the service (if authorized) as soon as possible. In other embodiments, however, the service voucher indicating account authorization can be provided to another suitable designated device (e.g., a predetermined charging station). In other embodiments, the service voucher indicating account authorization can be provided directly to the electric vehicle 302. In this embodiment, the matching authorization unit 304 may also provide a notification of the matched charging station to the electric vehicle 302. The electric vehicle 302 may then transmit the service voucher to the matched charging station.
  • FIG. 4 is a flow diagram 400 illustrating example operations of a matching authorization unit in a distributed client authentication and service authorization environment. The flow begins at block 402.
  • At block 402, a matching authorization unit of a local communication network receives security credentials associated with a customer device that connects to the local communication network. With reference to the example of FIG. 3, the customer device can be an electric vehicle 302 (e.g., a plug-in electric vehicle (PEV)). The customer device 302 can connect to the local communication network 300 that comprises one or more local service providers (e.g., the charging stations 306, 308, and 310) to receive power from one of the charging stations. The customer device 302 can then provide its security credentials (e.g., a customer ID) to the matching authorization unit 304. In some embodiments, one of the local service providers 310 in the local communication network 300 can be designated as the matching authorization unit 304. In another embodiment, the matching authorization unit 304 may be another network device that is distinct from the local service providers 306, 308, and 310. The flow continues at block 404.
  • At block 404, it is determined whether the security credentials received from the customer device are valid. For example, the matching authorization unit 304 can determine whether the security credentials received from the electric vehicle 302 are valid and whether the electric vehicle 302 can be authenticated. If the matching authorization unit 304 determines that security credentials associated with the customer device are valid, the flow continues at block 408. Otherwise, the flow continues at block 406.
  • At block 406, a communication channel is not established with the customer device if the security credentials received from the customer device are determined not to be valid. For example, the flow 400 moves from block 404 to block 406 if the matching authorization unit 304 is unable to authenticate the security credentials associated with the electric vehicle 302. As described above with reference to block 206 of FIG. 2, the matching authorization unit 304 can determine not to establish a communication link with the electric vehicle 302 and can prevent the electric vehicle 302 from receiving power from any of the charging stations 306, 308, and 310. From block 406, the flow ends.
  • At block 408, a secure communication channel is established with the customer device if the security credentials received from the customer device are determined to be valid. The flow 400 moves from block 404 to block 408 after the matching authorization unit 304 authenticates the security credentials associated with the customer device. For example, as described above with reference to block 208 of FIG. 2, the matching authorization unit 304 can establish a secure communication channel with the electric vehicle 302. The flow continues at block 410.
  • At block 410, information associated with the matching authorization unit (“MAS information”) is provided to the customer device. For example, the matching authorization unit 304 can transmit the MAS information (e.g., identity, location, etc.) to the customer device 302. In some embodiments, the matching authorization unit 304 may execute operations that are similar to the key distribution unit 104 of FIGS. 1-2 to determine the signing key unique to the customer device 302. For example, the matching authorization unit 304 and the local service providers (e.g., the charging stations) may have a priori knowledge of a secret master key. In this embodiment, the matching authorization unit 304 can generate a temporary signing key based on the master key, the customer ID and one or more suitable parameters (e.g., a sequence number, a timestamp, a random number, a location, etc.). Any messages transmitted by the customer device 302 can be signed using this temporary signing key for identification of the customer device 302. In another embodiment, the matching authorization unit 304, the customer device 302, and the local service providers 306, 308, 310 can use public key encryption to exchange messages during the local service matching process. For example, the customer device 302 can connect to the local communication network 300 and provide its public certificate to all the local service providers 306, 308, 310 and to the matching authorization unit 304. The customer device 302 can use a key based on the public certificate to sign all messages transmitted by the customer device 302. The matching authorization unit 304 (and the local service providers 306, 308, 310) can validate the received message based on this key. The flow continues at block 412.
  • At block 412, the matching authorization unit initiates a service matching process with the customer device. As described above with reference to stage D of FIG. 3, the matching authorization unit 304 can execute the service matching process in conjunction with the customer device 302 and the local service providers 306, 308, and 310. The flow continues at block 414.
  • At block 414, the customer device is matched to one of the local service providers. In other words, after the service matching process is completed, the matching authorization unit 304 identifies one of the local service providers 306 that should provide services to the customer device 302. The matching authorization unit 304 may identify the matched local service provider based on availability of local service providers, proximity of the local service providers to the customer device, compatibility of the local service providers with the customer device, etc. In one example, after the matching process is completed, the matching authorization unit 304 identifies one of the charging stations 306 that is matched to the electric vehicle 302 and that will provide power to the electric vehicle 302. The flow continues at block 416.
  • At block 416, a service voucher that indicates authentication of a payment account associated with the customer device is received from an account authorization unit. For example, after the account authorization unit 312 of FIG. 3 completes the account authorization process (using the MAS information and the security credentials associated with the customer device 302), the account authorization unit 312 can securely transmit the service voucher to the matching authorization unit 304. The service voucher can indicate an account balance available to the customer device 302 and authorized services that can be provided by the charging stations. In some embodiments, the service voucher may be a notification from the account authorization unit 312 that indicates that the payment account associated with the customer device 302 comprises sufficient funds to pay for the service. The flow continues at block 418.
  • At block 418, the service voucher is provided to the matched local service provider to cause the matched local service provider to provide a service to the customer device. The matching authorization unit 304 can securely transmit the service voucher to the matched local service provider 306 when the matching authorization unit 304 has the service voucher for the customer device 302 (received at block 416 after the account authorization process is completed) and knowledge of the matched local service provider 306 (after completing the service matching process at block 414). The service voucher can also indicate limitations on the service that can be provided, based on characteristics and state of the payment account, characteristics of the local service provider, characteristics of the customer device, and permissions the customer has for the account. As described above with reference to FIG. 3, after the matched local service provider 306 receives the service voucher, the matched local service provider 306 can provide the service (e.g., an authorized amount of power) to the customer device 302 in accordance with the received service voucher. From block 418, the flow ends.
  • In some embodiments, in addition to providing the service voucher to the matched charging station 306, the matching authorization unit 304 can also cause the matched charging station 306 to close its power relays on an appropriate power cable and to provide power to the electric vehicle 302. The matching authorization unit 304 can receive an acknowledgement message from the electric vehicle 302 after the matched charging station 306 begins providing power to the electric vehicle 302. The matching authorization unit 304 can forward the acknowledgement message received from the electric vehicle 302 to the matched charging station 306. Furthermore, it is noted that if the account authorization unit 312 indicates to the matching authorization unit 304 that the account associated with the electric vehicle 302 is not valid (e.g., that the account does not have sufficient funds), the matching authorization unit 304 can notify the matched charging station 306 to not provide power to the electric vehicle 302. The matching authorization unit 304 may also prompt the electric vehicle 302 to disconnect from the local communication network 300. In some embodiments, if the matching authorization unit 304 receives a notification from the charging station 306 that the electric vehicle 302 is no longer in the local communication network 300, the matching authorization unit 304 can forward this notification to the account authorization unit 312.
  • FIG. 5 is a flow diagram 500 illustrating example operations of a customer device in a distributed client authentication and service authorization environment. The flow 500 begins at block 502.
  • At block 502, a customer device connects to a communication network and transmits security credentials to a matching authorization unit of the communication network. In one embodiment, the customer device can be an electric vehicle. As described above in FIG. 3, the electric vehicle 302 can detect activity on a pilot line after connecting to a charging station of a charging facility (e.g., the local communication network 300). In some embodiments, after detecting that the pilot line is activated, the electric vehicle 302 (e.g., a communication unit 303 of the electric vehicle 302) can transmit “join request” messages on the communication network. The electric vehicle 302 can receive a “join confirmation” message from one of the charging stations in the communication network. In response to receiving the “join confirmation” message from a charging station, the electric vehicle can join a network associated with that charging station. In some embodiments, the customer device 302 can then transmit identification information (e.g., a customer ID), an X.509v3 certificate with public keys bound to the customer ID, etc. to the matching authorization unit 304 of the local communication network 300. The flow continues at block 504.
  • At block 504, a secure communication channel is established with the matching authorization unit. For example, after the customer device 302 transmits its security credentials to the matching authorization unit 304, the matching authorization unit 304 can authenticate the customer device 302 and can establish the secure communication channel with the customer device 302. In some embodiments, the secure communication link can be established using an X.509v3 certificate that includes an identifier of the customer device 302. The flow continues at block 506.
  • At block 506, information for conducting the matching service process and the account authorization process in parallel are received from the matching authorization unit. For example, in one embodiment, the customer device 302 (e.g., the communication unit) can receive a unique signing key (generated by the matching authorization unit 304 as described above in FIGS. 1-4) and other parameters that were used for generating the signing key. Additionally, the electric vehicle may also receive MAS information (e.g., an identifier or location of the matching authorization unit 304). The customer device 302 may also receive one or more SLAC parameters (e.g., a number of service matching messages that should be transmitted to each local service provider, a maximum time interval for conducting the service matching process, etc.) to enable the customer device 302 to execute the service matching process in conjunction with the matching authorization unit 304. The flow continues at block 508.
  • At block 508, a secure communication channel is established with the account authorization unit and account authorization is requested. For example, the customer device 302 (e.g., the communication unit) can transmit its customer ID and the MAS information to the account authorization unit 312. As described above in FIG. 3, the account authorization unit 312 can authenticate the customer device 302 and can establish the secure communication channel with the customer device 302. In some embodiments, the secure communication channel can be established using an X.509v3 certificate that includes an identifier of the customer device 302. The customer device 302 can also request that the account associated with the customer device 302 be authorized and that the authorization results be provided to the matching authorization unit 304. The flow continues at block 510.
  • At block 510, while the account authorization process is ongoing, the matching service process is conducted with the local service providers and the matching authorization unit. As described above in FIG. 3, the customer device 302 (e.g., the communication unit 303) can transmit one or more service matching messages to each of the local service providers 306, 308, and 310 in the local communication network 300. In some embodiments, the customer device 302 can sign each service matching message with the signing key (or another suitable key) received at block 506 and can also provide one or more parameters (if necessary) that were used to generate the signing key. As described above with reference to FIGS. 3-4, the matching authorization unit 304 can analyze signal/attenuation information received from the local service providers (based on the service matching messages) and can identify one of the local service providers that should provide service to the customer device. The flow continues at block 512.
  • At block 512, it is detected that service is provided by a local service provider. For example, the electric vehicle 302 (e.g., the communication unit) can detect that power is being provided by one of the charging stations 306. The flow continues at block 514.
  • At block 514, an acknowledgement for the received service is transmitted. For example, the electric vehicle 302 (e.g., the communication unit 303) can transmit the acknowledgement for the received power (e.g., to the local service provider 306 and/or to the matching authorization unit 304). From block 514, the flow ends.
  • It should be understood that FIGS. 1-5 are examples meant to aid in understanding embodiments and should not be used to limit embodiments or limit scope of the claims. Embodiments may comprise additional circuit components, different circuit components, and/or may perform additional operations, fewer operations, operations in a different order, operations in parallel, and some operations differently. In some embodiments, in order for the account authorization process to execute in parallel with the service matching process, it may be required that the customer device 302 identified in the service matching process be inextricably bound to the customer device 302 identified in the account authorization process. In this embodiment, a unique customer ID that is bound to a public key in a public key certificate (e.g., X.509v3), signed by a trusted certificate authority (CA) can be used for customer identity binding. The customer ID in a certificate used by the customer device 302 in the service matching process (e.g., to obtain the signing key, the MAS information, etc.) can be compared against the customer ID used by the customer device to obtain account authorization from the account authorization unit 312, to ensure that they are identical.
  • It is also noted that although examples refer to simultaneous client authentication and account authorization in an electric vehicle charging environment, embodiments are not so limited. In other embodiments, the operations described herein for simultaneous client authentication and account authorization can be extended to other suitable operating environments (e.g., gaming environments).
  • As will be appreciated by one skilled in the art, aspects of the present inventive subject matter may be embodied as a system, method, or computer program product. Accordingly, aspects of the present inventive subject matter may take the form of an entirely hardware embodiment, a software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present inventive subject matter may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
  • Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for carrying out operations for aspects of the present inventive subject matter may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Aspects of the present inventive subject matter are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the inventive subject matter. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • FIG. 6 is a block diagram of one embodiment of an electronic device 600 including a broadcast authentication and service matching mechanism in a communication network. In some implementations, the communication network may be a public charging facility and the electronic device 600 may be a charging station or another suitable coordinator unit in the charging facility. In other implementations, the electronic device 600 may be a desktop computer, a workstation, a server computer, or other electronic systems with wired communication capabilities (e.g., powerline communication capabilities) and/or wireless communication capabilities (e.g., WLAN communication capabilities). The electronic device 600 includes a processor unit 602 (possibly including multiple processors, multiple cores, multiple nodes, and/or implementing multi-threading, etc.). The electronic device 600 includes a memory unit 606. The memory unit 606 may be system memory (e.g., one or more of cache, SRAM, DRAM, zero capacitor RAM, Twin Transistor RAM, eDRAM, EDO RAM, DDR RAM, EEPROM, NRAM, RRAM, SONOS, PRAM, etc.) or any one or more of the above already described possible realizations of machine-readable media. The electronic device 600 also includes a bus 610 (e.g., PCI, ISA, PCI-Express, HyperTransport®, InfiniBand®, NuBus, AHB, AXI, etc.), and network interfaces 604 that include at least one of a wireless network interface (e.g., a Bluetooth interface, a WLAN 802.11 interface, a WiMAX interface, a ZigBee® interface, a Wireless USB interface, etc.) and a wired network interface (e.g., an Ethernet interface, a powerline communication interface, etc.).
  • The electronic device 600 also includes a coordinator unit 608. The coordinator unit 608 comprises a key distribution unit 612 and a matching authorization unit 614. The key distribution unit 612 can execute operations described above with reference to FIGS. 1-2 to generate a signing key for a sender device (e.g., an electric vehicle) for easier verification of messages transmitted by the sender device. The matching authorization unit 614 can execute operations described above with reference to FIGS. 3-4 to A) authenticate a customer device (e.g., an electric vehicle), B) provide the customer device with information to enable the customer device 302 to execute the service matching process and the account authorization process in parallel, C) execute the service matching process for determining which service provider should service the customer device, D) accept authorization information from a remote account authorization unit on behalf of the customer device, and E) forward this authorization to the local service provider that was matched with the customer device. It is noted that although FIG. 6 depicts the coordinator unit 608 as comprising both the key distribution unit 612 and the matching authorization unit 614, embodiments are not so limited. In other embodiments, the coordinator unit 608 may only comprise the key distribution unit 612 that is configured to execute operations described above in FIGS. 1-2 for broadcast authorization of the sender device. In other embodiments, the coordinator unit 608 may comprise the matching authorization unit 614 that is configured to execute functionality described above in FIGS. 3-4. In this embodiment, the matching authorization unit 614 may or may not execute the functionality of the key distribution unit 612.
  • Any one of these functionalities may be partially (or entirely) implemented in hardware and/or on the processor unit 602. For example, the functionality may be implemented with an application specific integrated circuit, in logic implemented in the processor unit 602, in a co-processor on a peripheral device or card, etc. Further, realizations may include fewer or additional components not illustrated in FIG. 6 (e.g., video cards, audio cards, additional network interfaces, peripheral devices, etc.). The processor unit 602, the memory unit 606, and the network interfaces 604 are coupled to the bus 610. Although illustrated as being coupled to the bus 610, the memory unit 606 may be coupled to the processor unit 602.
  • While the embodiments are described with reference to various implementations and exploitations, it will be understood that these embodiments are illustrative and that the scope of the inventive subject matter is not limited to them. In general, a mechanism for secure client authentication and service authorization in a shared communication network as described herein may be implemented with facilities consistent with any hardware system or hardware systems. Many variations, modifications, additions, and improvements are possible.
  • Plural instances may be provided for components, operations, or structures described herein as a single instance. Finally, boundaries between various components, operations, and data stores are somewhat arbitrary, and particular operations are illustrated in the context of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within the scope of the inventive subject matter. In general, structures and functionality presented as separate components in the exemplary configurations may be implemented as a combined structure or component. Similarly, structures and functionality presented as a single component may be implemented as separate components. These and other variations, modifications, additions, and improvements may fall within the scope of the inventive subject matter.

Claims (33)

What is claimed is:
1. A method comprising:
establishing a secure communication channel between a client network device and a managing network device of a communication network based, at least in part, on a client identifier of the client network device;
causing the client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
securely matching the client network device with a first of the plurality of service providers;
securely receiving a service voucher at the managing network device from the accounting network device authorizing one or more of the service providers of the communication network to service the client network device in response to the accounting network device executing the account authorizing process with the client network device; and
securely transmitting the service voucher from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider.
2. The method of claim 1, wherein said securely matching the client network device with the first of the plurality of service providers further comprises:
generating, at the managing network device, a client key that is unique to the client network device based, at least in part, on the client identifier and on a master key known to the managing network device and the plurality of service providers of the communication network;
providing the client key from the managing network device to the client network device via the secure communication channel to allow the client network device to securely communicate with the plurality of service providers of the communication network;
receiving, from each of the plurality of service providers, a message that indicates a signal level detected at the service provider in response to a service matching message from the client network device; and
selecting the first of the plurality of service providers that detected the highest signal level as the matching service provider for the client network device.
3. The method of claim 2, further comprising:
transmitting, from the managing network device to the client network device, a number of service matching messages that should be transmitted from the client network device to the plurality of service providers.
4. The method of claim 2, wherein the client key is a temporary key and is generated based, at least in part, on the master key, the client identifier, and one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and/or a location identifier.
5. The method of claim 2, wherein the client key is a public encryption key.
6. The method of claim 1, wherein the client identifier is authenticated by the managing network device and by the accounting network device, and the service voucher is bound to the client identifier.
7. The method of claim 1, wherein the managing network device is one of the plurality of service providers.
8. The method of claim 7, further comprising:
determining, at the managing network device, a message counter value from a message received from the client network device;
comparing the received message counter value with a previously received message counter value from the client network device;
discarding the received message if the received message counter value is less than or equal to the previously received message counter value; and
processing the received message if the received message counter value is greater than the previously received message counter value.
9. The method of claim 1, wherein the client network device comprises a plug-in electric vehicle, the plurality of service providers comprise a plurality of electric charging stations, the managing network device comprises a managing system associated with the plurality of electric charging stations, and the accounting network device comprises a remote account authorization server for one or more client accounts.
10. The method of claim 1, further comprising:
determining, at the managing network device, a first value of the client identifier associated with the client network device, wherein the first value of the client identifier was used for executing the service matching process;
determining a second value of the client identifier associated with the client network device, wherein the second value was used for executing the account authorization process;
determining whether the first value of the client identifier matches the second value of the client identifier;
in response to determining that the first value of the client identifier matches the second value of the client identifier, said securely transmitting the service voucher from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider;
in response to determining that the first value of the client identifier does not match the second value of the client identifier, preventing the matching service provider from servicing the client network device.
11. A method comprising:
establishing, at a client network device, a secure communication channel with a managing network device of a communication network based, at least in part, on a client identifier of the client network device;
receiving, from the managing network device, identification information associated with the managing network device via the secure communication channel;
providing the client identifier and the identification information associated with the managing network device to an accounting network device to cause the accounting network device to execute an account authorization process with the client network device;
in parallel with the account authorization process, executing a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
detecting receipt of service from a first of the plurality of service providers of the communication network after completion of the account authorization process and the service matching process; and
transmitting an acknowledgement message to one of the managing network device and the first of the plurality of service providers in response to said detecting receipt of service from the first of the plurality of service providers of the communication network.
12. The method of claim 11, wherein the identification information associated with the managing network device comprises a device identifier of the managing network device and a location of the managing network device.
13. The method of claim 11, wherein said receiving, from the managing network device, identification information associated with the managing network device further comprises:
receiving, from the managing network device, one or more service matching parameters to cause the client network device to initiate the service matching process with the managing network device and the plurality of service providers of the communication network.
14. The method of claim 11, further comprising:
receiving, from the managing network device, a client key that is unique to the client network device, via the secure communication channel, wherein the client key enables the client network device to securely communicate with the plurality of service providers of the communication network;
receiving client key generation parameters based on which the client key was determined, wherein the client key generation parameters comprise one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and a location identifier;
wherein said executing the service matching process with the managing network device and one or more of a plurality of service providers of the communication network comprises:
signing one or more service matching messages using the client key; and
transmitting the one or more service matching messages and the client key generation parameters to the plurality of service providers.
15. The method of claim 14, wherein said transmitting the one or more service matching messages and the client key generation parameters to the plurality of service providers comprises:
determining whether a length of the service matching message scheduled to be transmitted to the plurality of service providers is greater than a predetermined threshold message length;
in response to determining that the length of the service matching message is greater than the predetermined threshold message length,
transmitting an initialization message including the client key generation parameters to the plurality of service providers; and
transmitting the client identifier and the sequence number in the one or more service matching messages; and
in response to determining that the length of the service matching message is less than the predetermined threshold message length,
transmitting the client key generation parameters as part of the one or more service matching messages.
16. A managing network device comprising:
a network interface; and
a matching authorization unit coupled with the network interface, the matching authorization unit operable to:
establish a secure communication channel between a client network device and the managing network device of a communication network based, at least in part, on a client identifier of the client network device;
cause the client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
securely match the client network device with a first of the plurality of service providers;
securely receive a service voucher from the accounting network device authorizing one or more of the service providers of the communication network to service the client network device in response to the accounting network device executing the account authorizing process with the client network device; and
securely transmit the service voucher to the matching service provider to allow the client network device to be serviced by the matching service provider.
17. The managing network device of claim 16, wherein the matching authorization unit operable to securely match the client network device with the first of the plurality of service providers further comprises the matching authorization unit operable to:
generate a client key that is unique to the client network device based, at least in part, on the client identifier and on a master key known to the managing network device and the plurality of service providers of the communication network;
provide the client key to the client network device via the secure communication channel to allow the client network device to securely communicate with the plurality of service providers of the communication network;
receive, from each of the plurality of service providers, a message that indicates a signal level detected at the service provider in response to a service matching message from the client network device; and
select the first of the plurality of service providers that detected the highest signal level as the matching service provider for the client network device.
18. The managing network device of claim 17, wherein the matching authorization unit is further operable to:
transmit, to the client network device, a number of service matching messages that should be transmitted from the client network device to the plurality of service providers.
19. The managing network device of claim 17, wherein the client key is a temporary key and is generated based, at least in part, on the master key, the client identifier, and one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and/or a location identifier.
20. The managing network device of claim 16, wherein the matching authorization unit is further operable to:
determine a first value of the client identifier associated with the client network device, wherein the first value of the client identifier was used for executing the service matching process;
determine a second value of the client identifier associated with the client network device, wherein the second value was used for executing the account authorization process;
determine whether the first value of the client identifier matches the second value of the client identifier;
in response to the matching authorization unit determining that the first value of the client identifier matches the second value of the client identifier, the matching authorization unit is operable to securely transmit the service voucher to the matching service provider to allow the client network device to be serviced by the matching service provider;
in response to the matching authorization unit determining that the first value of the client identifier does not match the second value of the client identifier, the matching authorization unit is operable to prevent the matching service provider from servicing the client network device.
21. A network device comprising:
a network interface; and
a communication unit coupled with the network interface, the communication unit operable to:
establish a secure communication channel with a managing network device of a communication network based, at least in part, on a client identifier of the network device;
receive, from the managing network device, identification information associated with the managing network device via the secure communication channel;
provide the client identifier and the identification information associated with the managing network device to an accounting network device to cause the accounting network device to execute an account authorization process with the network device;
in parallel with the account authorization process, execute a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
detect receipt of service from a first of the plurality of service providers of the communication network after completion of the account authorization process and the service matching process; and
transmit an acknowledgement message to one of the managing network device and the first of the plurality of service providers in response to the communication unit detecting receipt of service from the first of the plurality of service providers of the communication network.
22. The network device of claim 21, wherein the communication unit operable to receive, from the managing network device, identification information associated with the managing network device further comprises the communication unit operable to:
receive, from the managing network device, one or more service matching parameters to cause the network device to initiate the service matching process with the managing network device and the plurality of service providers of the communication network.
23. The network device of claim 21, wherein the communication unit is further operable to:
receive, from the managing network device, a client key that is unique to the network device, via the secure communication channel, wherein the client key enables the network device to securely communicate with the plurality of service providers of the communication network;
receive client key generation parameters based on which the client key was determined, wherein the client key generation parameters comprise one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and a location identifier;
wherein the communication unit operable to execute the service matching process with the managing network device and one or more of a plurality of service providers of the communication network comprises the communication unit operable to:
sign one or more service matching messages using the client key; and
transmit the one or more service matching messages and the client key generation parameters to the plurality of service providers.
24. The network device of claim 23, wherein the communication unit operable to transmit the one or more service matching messages and the client key generation parameters to the plurality of service providers comprises the communication unit operable to:
determine whether a length of the service matching message scheduled to be transmitted to the plurality of service providers is greater than a predetermined threshold message length;
in response to the communication unit determining that the length of the service matching message is greater than the predetermined threshold message length,
transmit an initialization message including the client key generation parameters to the plurality of service providers; and
transmit the client identifier and the sequence number in the one or more service matching messages; and
in response to the communication unit determining that the length of the service matching message is less than the predetermined threshold message length,
transmit the client key generation parameters as part of the one or more service matching messages.
25. A method comprising:
establishing a secure communication channel between a plug-in electric vehicle and a managing network device of a communication network based, at least in part, on a client identifier of the plug-in electric vehicle;
causing the plug-in electric vehicle to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of electric charging stations of the communication network;
securely matching the plug-in electric vehicle with a first of the plurality of electric charging stations;
securely receiving a service voucher at the managing network device from the accounting network device authorizing one or more of the electric charging stations of the communication network to provide electric power to the plug-in electric vehicle in response to the accounting network device executing the account authorizing process with the plug-in electric vehicle; and
securely transmitting the service voucher from the managing network device to the matching electric charging station to allow the plug-in electric vehicle to receive electric power from the matching electric charging station.
26. The method of claim 25, wherein said securely matching the plug-in electric vehicle with the first of the plurality of electric charging stations further comprises:
generating, at the managing network device, a client key that is unique to the plug-in electric vehicle based, at least in part, on the client identifier and on a master key known to the managing network device and the plurality of electric charging stations of the communication network;
providing the client key from the managing network device to the plug-in electric vehicle via the secure communication channel to allow the plug-in electric vehicle to securely communicate with the plurality of electric charging stations of the communication network;
receiving, from each of the plurality of electric charging stations, a message that indicates a signal level detected at the electric charging station in response to a service matching message from the plug-in electric vehicle; and
selecting the first of the plurality of electric charging stations that detected the highest signal level as the matching electric charging station for the plug-in electric vehicle.
27. The method of claim 26, wherein the client key is a temporary key and is generated based, at least in part, on the master key, the client identifier, and one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and/or a location identifier.
28. One or more machine-readable storage media having instructions stored therein, which when executed by one or more processors causes the one or more processors to perform operations that comprise:
establishing a secure communication channel between a client network device and a managing network device of a communication network based, at least in part, on a client identifier of the client network device;
causing the client network device to perform an account authorization process with an accounting network device in parallel with a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
securely matching the client network device with a first of the plurality of service providers;
securely receiving a service voucher at the managing network device from the accounting network device authorizing one or more of the service providers of the communication network to service the client network device in response to the accounting network device executing the account authorizing process with the client network device; and
securely transmitting the service voucher from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider.
29. The machine-readable storage media of claim 28, wherein said operation of securely matching the client network device with the first of the plurality of service providers further comprises:
generating a client key that is unique to the client network device based, at least in part, on the client identifier and on a master key known to the managing network device and the plurality of service providers of the communication network;
providing the client key to the client network device via the secure communication channel to allow the client network device to securely communicate with the plurality of service providers of the communication network;
receiving, from each of the plurality of service providers, a message that indicates a signal level detected at the service provider in response to a service matching message from the client network device; and
selecting the first of the plurality of service providers that detected the highest signal level as the matching service provider for the client network device.
30. The machine-readable storage media of claim 28, wherein the operations further comprise:
determining a first value of the client identifier associated with the client network device, wherein the first value of the client identifier was used for executing the service matching process;
determining a second value of the client identifier associated with the client network device, wherein the second value was used for executing the account authorization process;
determining whether the first value of the client identifier matches the second value of the client identifier;
in response to determining that the first value of the client identifier matches the second value of the client identifier, said securely transmitting the service voucher from the managing network device to the matching service provider to allow the client network device to be serviced by the matching service provider;
in response to determining that the first value of the client identifier does not match the second value of the client identifier, preventing the matching service provider from servicing the client network device.
31. One or more machine-readable storage media having instructions stored therein, which when executed by one or more processors causes the one or more processors to perform operations that comprise:
establishing a secure communication channel with a managing network device of a communication network based, at least in part, on a client identifier of a client network device;
receiving, from the managing network device, identification information associated with the managing network device via the secure communication channel;
providing the client identifier and the identification information associated with the managing network device to an accounting network device to cause the accounting network device to execute an account authorization process with the client network device;
in parallel with the account authorization process, executing a service matching process with the managing network device and one or more of a plurality of service providers of the communication network;
detecting receipt of service from a first of the plurality of service providers of the communication network after completion of the account authorization process and the service matching process; and
transmitting an acknowledgement message to one of the managing network device and the first of the plurality of service providers in response to said detecting receipt of service from the first of the plurality of service providers of the communication network.
32. The machine-readable storage media of claim 31, wherein the operations further comprise:
receiving, from the managing network device, a client key that is unique to the client network device, via the secure communication channel, wherein the client key enables the client network device to securely communicate with the plurality of service providers of the communication network;
receiving client key generation parameters based on which the client key was determined, wherein the client key generation parameters comprise one or more of a sequence number, a random number, a start/end timestamp, a lifetime duration, a message counter, and a location identifier;
wherein said executing the service matching process with the managing network device and one or more of a plurality of service providers of the communication network comprises:
signing one or more service matching messages using the client key; and
transmitting the one or more service matching messages and the client key generation parameters to the plurality of service providers.
33. The machine-readable storage media of claim 32, wherein said operation of transmitting the one or more service matching messages and the client key generation parameters to the plurality of service providers comprises:
determining whether a length of the service matching message scheduled to be transmitted to the plurality of service providers is greater than a predetermined threshold message length;
in response to determining that the length of the service matching message is greater than the predetermined threshold message length,
transmitting an initialization message including the client key generation parameters to the plurality of service providers; and
transmitting the client identifier and the sequence number in the one or more service matching messages; and
in response to determining that the length of the service matching message is less than the predetermined threshold message length,
transmitting the client key generation parameters as part of the one or more service matching messages.
US13/527,486 2011-06-21 2012-06-19 Secure client authentication and service authorization in a shared communication network Expired - Fee Related US9003492B2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US13/527,486 US9003492B2 (en) 2011-06-21 2012-06-19 Secure client authentication and service authorization in a shared communication network
PCT/US2012/043415 WO2012177812A1 (en) 2011-06-21 2012-06-20 Secure client authentication and network service authorization
JP2014517134A JP5755805B2 (en) 2011-06-21 2012-06-20 Secure client authentication and network service authorization
EP12733313.6A EP2724516B1 (en) 2011-06-21 2012-06-20 Secure client authentication and network service authorization
KR1020147001689A KR101543445B1 (en) 2011-06-21 2012-06-20 Secure client authentication and network service authorization
CN201280030511.7A CN103765857B (en) 2011-06-21 2012-06-20 The client certificate of safety and network service mandate

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161499562P 2011-06-21 2011-06-21
US13/527,486 US9003492B2 (en) 2011-06-21 2012-06-19 Secure client authentication and service authorization in a shared communication network

Publications (2)

Publication Number Publication Date
US20130160086A1 true US20130160086A1 (en) 2013-06-20
US9003492B2 US9003492B2 (en) 2015-04-07

Family

ID=46466886

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/527,486 Expired - Fee Related US9003492B2 (en) 2011-06-21 2012-06-19 Secure client authentication and service authorization in a shared communication network

Country Status (6)

Country Link
US (1) US9003492B2 (en)
EP (1) EP2724516B1 (en)
JP (1) JP5755805B2 (en)
KR (1) KR101543445B1 (en)
CN (1) CN103765857B (en)
WO (1) WO2012177812A1 (en)

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289520A1 (en) * 2013-03-25 2014-09-25 Kabushiki Kaisha Toshiba Communication device, communication system, communication method, and computer program product
US20140285146A1 (en) * 2013-03-15 2014-09-25 Kenguru, Inc. Vehicle communications, power management, and seating systems
US20150095997A1 (en) * 2012-05-29 2015-04-02 Toyota Jidosha Kabushiki Kaisha Authentication system and authentication method
US9021278B2 (en) 2011-08-10 2015-04-28 Qualcomm Incorporated Network association of communication devices based on attenuation information
US9026813B2 (en) 2010-11-22 2015-05-05 Qualcomm Incorporated Establishing a power charging association on a powerline network
US20150149781A1 (en) * 2013-06-25 2015-05-28 Google Inc. Authenticated session establishment
CN104698883A (en) * 2013-12-10 2015-06-10 福特全球技术公司 Method to ensure reliable reception of electric vehicle association messages
CN105281807A (en) * 2014-06-16 2016-01-27 Ls产电株式会社 Communication device using power line and method of operating the same
US20160119291A1 (en) * 2014-10-24 2016-04-28 Netflix, Inc Secure communication channel with token renewal mechanism
US20180026792A1 (en) * 2016-07-25 2018-01-25 Elyes Ben Hamida Methods and systems for prioritized authentication between mobile objects
US20180191504A1 (en) * 2015-08-31 2018-07-05 Alibaba Group Holding Limited Verification information update
US20180337773A1 (en) * 2017-05-19 2018-11-22 Fujitsu Limited Communication device and communication method
US20190065789A1 (en) * 2017-08-29 2019-02-28 Motorola Solutions, Inc. Device and method for power source based device authentication
US20190239144A1 (en) * 2006-08-10 2019-08-01 V2Green, Inc. Connection locator in a power aggregation system for distributed electric resources
US20190245705A1 (en) * 2018-02-05 2019-08-08 Onboard Security, Inc. Connected Vehicle Communication Wth Improved Misbehavior Processing
US20190281027A1 (en) * 2018-03-12 2019-09-12 International Business Machines Corporation Wireless communication between vehicles
US10432408B2 (en) * 2012-08-30 2019-10-01 Texas Instruments Incorporated Retention and revocation of operation keys by a control unit
US20200009973A1 (en) * 2018-07-05 2020-01-09 Audi Ag System and a method for unlocking a charging plug inserted in a vehicle charging socket
US11046201B2 (en) * 2019-03-25 2021-06-29 Micron Technology, Inc. Electric vehicle charging station system
US11059377B2 (en) * 2017-02-21 2021-07-13 Audi Ag Charging device for charging an electrically driven motor vehicle having access to a data network and method for operating a charging device of this kind
US11212080B2 (en) * 2016-11-18 2021-12-28 Kddi Corporation Communication system, vehicle, server device, communication method, and computer program
US11330432B2 (en) * 2017-06-27 2022-05-10 Kddi Corporation Maintenance system and maintenance method
US11366885B2 (en) * 2017-08-14 2022-06-21 Kddi Corporation Vehicle security system and vehicle security method
US11399019B2 (en) * 2014-10-24 2022-07-26 Netflix, Inc. Failure recovery mechanism to re-establish secured communications
US11418328B2 (en) * 2018-11-26 2022-08-16 Electronics And Telecommunications Research Institute System for key control for in-vehicle network
US11424921B2 (en) 2015-11-09 2022-08-23 Dealerware, Llc Vehicle access systems and methods
US20230093992A1 (en) * 2021-09-24 2023-03-30 Apple Inc. Secure Communication in a Computing System
US20230211693A1 (en) * 2020-12-04 2023-07-06 Liikennevirta Oy / Virta Ltd An identification method for electric vehicle charging stations
WO2023183435A1 (en) * 2022-03-23 2023-09-28 Wireless Advanced Vehicle Electrification, Llc Optimizing energy availability in an energy distribution network
US11882446B1 (en) * 2020-07-22 2024-01-23 Motiv Power Systems, Inc. Vehicle charge station network access credential updating system
CN117478762A (en) * 2023-10-31 2024-01-30 长江量子(武汉)科技有限公司 Safe and high-speed transmission method and system for Internet of vehicles data
EP4287441A3 (en) * 2018-06-22 2024-04-10 Moixa Energy Holdings Limited Systems for machine learning, optimising and managing local multi-asset flexibility of distributed energy storage resources
US20250184321A1 (en) * 2023-12-05 2025-06-05 Irdeto B.V. Method and Apparatus for Utilization of Domain Name System for Efficient Certificate Data Retrieval in Plug and Charge Ecosystems

Families Citing this family (197)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9003492B2 (en) 2011-06-21 2015-04-07 Qualcomm Incorporated Secure client authentication and service authorization in a shared communication network
US9113347B2 (en) 2012-12-05 2015-08-18 At&T Intellectual Property I, Lp Backhaul link for distributed antenna system
US10009065B2 (en) 2012-12-05 2018-06-26 At&T Intellectual Property I, L.P. Backhaul link for distributed antenna system
US10649449B2 (en) 2013-03-04 2020-05-12 Fisher-Rosemount Systems, Inc. Distributed industrial performance monitoring and analytics
US10649424B2 (en) 2013-03-04 2020-05-12 Fisher-Rosemount Systems, Inc. Distributed industrial performance monitoring and analytics
US10909137B2 (en) 2014-10-06 2021-02-02 Fisher-Rosemount Systems, Inc. Streaming data for analytics in process control systems
US9558220B2 (en) 2013-03-04 2017-01-31 Fisher-Rosemount Systems, Inc. Big data in process control systems
US10866952B2 (en) 2013-03-04 2020-12-15 Fisher-Rosemount Systems, Inc. Source-independent queries in distributed industrial system
US9397836B2 (en) * 2014-08-11 2016-07-19 Fisher-Rosemount Systems, Inc. Securing devices to process control systems
US9665088B2 (en) 2014-01-31 2017-05-30 Fisher-Rosemount Systems, Inc. Managing big data in process control systems
US10678225B2 (en) 2013-03-04 2020-06-09 Fisher-Rosemount Systems, Inc. Data analytic services for distributed industrial performance monitoring
US10649412B2 (en) 2013-03-15 2020-05-12 Fisher-Rosemount Systems, Inc. Method and apparatus for seamless state transfer between user interface devices in a mobile control room
DE102013205088B4 (en) 2013-03-22 2024-01-11 Bayerische Motoren Werke Aktiengesellschaft Device for transmitting data between a data transmission device of a vehicle and a data transmission device of a communication network as part of a charging process of an electrical energy storage device of the vehicle
US9525524B2 (en) 2013-05-31 2016-12-20 At&T Intellectual Property I, L.P. Remote distributed antenna system
US9999038B2 (en) 2013-05-31 2018-06-12 At&T Intellectual Property I, L.P. Remote distributed antenna system
US8897697B1 (en) 2013-11-06 2014-11-25 At&T Intellectual Property I, Lp Millimeter-wave surface-wave communications
US10861090B2 (en) * 2013-11-27 2020-12-08 Apple Inc. Provisioning of credentials on an electronic device using passwords communicated over verified channels
US9209902B2 (en) 2013-12-10 2015-12-08 At&T Intellectual Property I, L.P. Quasi-optical coupler
US9692101B2 (en) 2014-08-26 2017-06-27 At&T Intellectual Property I, L.P. Guided wave couplers for coupling electromagnetic waves between a waveguide surface and a surface of a wire
US9768833B2 (en) 2014-09-15 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for sensing a condition in a transmission medium of electromagnetic waves
US10063280B2 (en) 2014-09-17 2018-08-28 At&T Intellectual Property I, L.P. Monitoring and mitigating conditions in a communication network
US9628854B2 (en) 2014-09-29 2017-04-18 At&T Intellectual Property I, L.P. Method and apparatus for distributing content in a communication network
US9615269B2 (en) 2014-10-02 2017-04-04 At&T Intellectual Property I, L.P. Method and apparatus that provides fault tolerance in a communication network
US9685992B2 (en) 2014-10-03 2017-06-20 At&T Intellectual Property I, L.P. Circuit panel network and methods thereof
US9503189B2 (en) 2014-10-10 2016-11-22 At&T Intellectual Property I, L.P. Method and apparatus for arranging communication sessions in a communication system
US9762289B2 (en) 2014-10-14 2017-09-12 At&T Intellectual Property I, L.P. Method and apparatus for transmitting or receiving signals in a transportation system
US9973299B2 (en) 2014-10-14 2018-05-15 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a mode of communication in a communication network
US9627768B2 (en) 2014-10-21 2017-04-18 At&T Intellectual Property I, L.P. Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US9577306B2 (en) 2014-10-21 2017-02-21 At&T Intellectual Property I, L.P. Guided-wave transmission device and methods for use therewith
US9312919B1 (en) 2014-10-21 2016-04-12 At&T Intellectual Property I, Lp Transmission device with impairment compensation and methods for use therewith
US9780834B2 (en) 2014-10-21 2017-10-03 At&T Intellectual Property I, L.P. Method and apparatus for transmitting electromagnetic waves
US9769020B2 (en) 2014-10-21 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for responding to events affecting communications in a communication network
US9564947B2 (en) 2014-10-21 2017-02-07 At&T Intellectual Property I, L.P. Guided-wave transmission device with diversity and methods for use therewith
US9520945B2 (en) 2014-10-21 2016-12-13 At&T Intellectual Property I, L.P. Apparatus for providing communication services and methods thereof
US9653770B2 (en) 2014-10-21 2017-05-16 At&T Intellectual Property I, L.P. Guided wave coupler, coupling module and methods for use therewith
US10340573B2 (en) 2016-10-26 2019-07-02 At&T Intellectual Property I, L.P. Launcher with cylindrical coupling device and methods for use therewith
US10243784B2 (en) 2014-11-20 2019-03-26 At&T Intellectual Property I, L.P. System for generating topology information and methods thereof
US10009067B2 (en) 2014-12-04 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for configuring a communication interface
US9544006B2 (en) 2014-11-20 2017-01-10 At&T Intellectual Property I, L.P. Transmission device with mode division multiplexing and methods for use therewith
US9680670B2 (en) 2014-11-20 2017-06-13 At&T Intellectual Property I, L.P. Transmission device with channel equalization and control and methods for use therewith
US9461706B1 (en) 2015-07-31 2016-10-04 At&T Intellectual Property I, Lp Method and apparatus for exchanging communication signals
US9997819B2 (en) 2015-06-09 2018-06-12 At&T Intellectual Property I, L.P. Transmission medium and method for facilitating propagation of electromagnetic waves via a core
US9742462B2 (en) 2014-12-04 2017-08-22 At&T Intellectual Property I, L.P. Transmission medium and communication interfaces and methods for use therewith
US9954287B2 (en) 2014-11-20 2018-04-24 At&T Intellectual Property I, L.P. Apparatus for converting wireless signals and electromagnetic waves and methods thereof
US9800327B2 (en) 2014-11-20 2017-10-24 At&T Intellectual Property I, L.P. Apparatus for controlling operations of a communication device and methods thereof
US9654173B2 (en) 2014-11-20 2017-05-16 At&T Intellectual Property I, L.P. Apparatus for powering a communication device and methods thereof
US10144036B2 (en) 2015-01-30 2018-12-04 At&T Intellectual Property I, L.P. Method and apparatus for mitigating interference affecting a propagation of electromagnetic waves guided by a transmission medium
US9876570B2 (en) 2015-02-20 2018-01-23 At&T Intellectual Property I, Lp Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US9749013B2 (en) 2015-03-17 2017-08-29 At&T Intellectual Property I, L.P. Method and apparatus for reducing attenuation of electromagnetic waves guided by a transmission medium
US9705561B2 (en) 2015-04-24 2017-07-11 At&T Intellectual Property I, L.P. Directional coupling device and methods for use therewith
US10224981B2 (en) 2015-04-24 2019-03-05 At&T Intellectual Property I, Lp Passive electrical coupling device and methods for use therewith
US9948354B2 (en) 2015-04-28 2018-04-17 At&T Intellectual Property I, L.P. Magnetic coupling device with reflective plate and methods for use therewith
US9793954B2 (en) 2015-04-28 2017-10-17 At&T Intellectual Property I, L.P. Magnetic coupling device and methods for use therewith
US9490869B1 (en) 2015-05-14 2016-11-08 At&T Intellectual Property I, L.P. Transmission medium having multiple cores and methods for use therewith
US9871282B2 (en) 2015-05-14 2018-01-16 At&T Intellectual Property I, L.P. At least one transmission medium having a dielectric surface that is covered at least in part by a second dielectric
US9748626B2 (en) 2015-05-14 2017-08-29 At&T Intellectual Property I, L.P. Plurality of cables having different cross-sectional shapes which are bundled together to form a transmission medium
US10679767B2 (en) 2015-05-15 2020-06-09 At&T Intellectual Property I, L.P. Transmission medium having a conductive material and methods for use therewith
US10650940B2 (en) 2015-05-15 2020-05-12 At&T Intellectual Property I, L.P. Transmission medium having a conductive material and methods for use therewith
US9865110B2 (en) * 2015-05-22 2018-01-09 M2MD Technologies, Inc. Method and system for securely and automatically obtaining services from a machine device services server
US9917341B2 (en) 2015-05-27 2018-03-13 At&T Intellectual Property I, L.P. Apparatus and method for launching electromagnetic waves and for modifying radial dimensions of the propagating electromagnetic waves
US10812174B2 (en) 2015-06-03 2020-10-20 At&T Intellectual Property I, L.P. Client node device and methods for use therewith
US10348391B2 (en) 2015-06-03 2019-07-09 At&T Intellectual Property I, L.P. Client node device with frequency conversion and methods for use therewith
US10154493B2 (en) 2015-06-03 2018-12-11 At&T Intellectual Property I, L.P. Network termination and methods for use therewith
US10103801B2 (en) 2015-06-03 2018-10-16 At&T Intellectual Property I, L.P. Host node device and methods for use therewith
US9866309B2 (en) 2015-06-03 2018-01-09 At&T Intellectual Property I, Lp Host node device and methods for use therewith
US9912381B2 (en) 2015-06-03 2018-03-06 At&T Intellectual Property I, Lp Network termination and methods for use therewith
US9913139B2 (en) 2015-06-09 2018-03-06 At&T Intellectual Property I, L.P. Signal fingerprinting for authentication of communicating devices
US10142086B2 (en) 2015-06-11 2018-11-27 At&T Intellectual Property I, L.P. Repeater and methods for use therewith
US9608692B2 (en) 2015-06-11 2017-03-28 At&T Intellectual Property I, L.P. Repeater and methods for use therewith
US9820146B2 (en) 2015-06-12 2017-11-14 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9667317B2 (en) 2015-06-15 2017-05-30 At&T Intellectual Property I, L.P. Method and apparatus for providing security using network traffic adjustments
US9865911B2 (en) 2015-06-25 2018-01-09 At&T Intellectual Property I, L.P. Waveguide system for slot radiating first electromagnetic waves that are combined into a non-fundamental wave mode second electromagnetic wave on a transmission medium
US9509415B1 (en) 2015-06-25 2016-11-29 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a fundamental wave mode on a transmission medium
US9640850B2 (en) 2015-06-25 2017-05-02 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a non-fundamental wave mode on a transmission medium
US10170840B2 (en) 2015-07-14 2019-01-01 At&T Intellectual Property I, L.P. Apparatus and methods for sending or receiving electromagnetic signals
US10044409B2 (en) 2015-07-14 2018-08-07 At&T Intellectual Property I, L.P. Transmission medium and methods for use therewith
US9853342B2 (en) 2015-07-14 2017-12-26 At&T Intellectual Property I, L.P. Dielectric transmission medium connector and methods for use therewith
US9722318B2 (en) 2015-07-14 2017-08-01 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US10148016B2 (en) 2015-07-14 2018-12-04 At&T Intellectual Property I, L.P. Apparatus and methods for communicating utilizing an antenna array
US10320586B2 (en) 2015-07-14 2019-06-11 At&T Intellectual Property I, L.P. Apparatus and methods for generating non-interfering electromagnetic waves on an insulated transmission medium
US10033107B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US9882257B2 (en) 2015-07-14 2018-01-30 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US9847566B2 (en) 2015-07-14 2017-12-19 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a field of a signal to mitigate interference
US10205655B2 (en) 2015-07-14 2019-02-12 At&T Intellectual Property I, L.P. Apparatus and methods for communicating utilizing an antenna array and multiple communication paths
US10341142B2 (en) 2015-07-14 2019-07-02 At&T Intellectual Property I, L.P. Apparatus and methods for generating non-interfering electromagnetic waves on an uninsulated conductor
US9628116B2 (en) 2015-07-14 2017-04-18 At&T Intellectual Property I, L.P. Apparatus and methods for transmitting wireless signals
US9836957B2 (en) 2015-07-14 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for communicating with premises equipment
US10033108B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave having a wave mode that mitigates interference
US9793951B2 (en) 2015-07-15 2017-10-17 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US9608740B2 (en) 2015-07-15 2017-03-28 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US10090606B2 (en) 2015-07-15 2018-10-02 At&T Intellectual Property I, L.P. Antenna system with dielectric array and methods for use therewith
US9948333B2 (en) 2015-07-23 2018-04-17 At&T Intellectual Property I, L.P. Method and apparatus for wireless communications to mitigate interference
US9871283B2 (en) 2015-07-23 2018-01-16 At&T Intellectual Property I, Lp Transmission medium having a dielectric core comprised of plural members connected by a ball and socket configuration
US9749053B2 (en) 2015-07-23 2017-08-29 At&T Intellectual Property I, L.P. Node device, repeater and methods for use therewith
US9912027B2 (en) 2015-07-23 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for exchanging communication signals
US10784670B2 (en) 2015-07-23 2020-09-22 At&T Intellectual Property I, L.P. Antenna support for aligning an antenna
US9735833B2 (en) 2015-07-31 2017-08-15 At&T Intellectual Property I, L.P. Method and apparatus for communications management in a neighborhood network
US10020587B2 (en) 2015-07-31 2018-07-10 At&T Intellectual Property I, L.P. Radial antenna and methods for use therewith
US9967173B2 (en) 2015-07-31 2018-05-08 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9904535B2 (en) 2015-09-14 2018-02-27 At&T Intellectual Property I, L.P. Method and apparatus for distributing software
US10136434B2 (en) 2015-09-16 2018-11-20 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an ultra-wideband control channel
US10079661B2 (en) 2015-09-16 2018-09-18 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having a clock reference
US10051629B2 (en) 2015-09-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an in-band reference signal
US9705571B2 (en) 2015-09-16 2017-07-11 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system
US10009901B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method, apparatus, and computer-readable storage medium for managing utilization of wireless resources between base stations
US10009063B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an out-of-band reference signal
US9769128B2 (en) 2015-09-28 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for encryption of communications over a network
US9729197B2 (en) 2015-10-01 2017-08-08 At&T Intellectual Property I, L.P. Method and apparatus for communicating network management traffic over a network
US9882277B2 (en) 2015-10-02 2018-01-30 At&T Intellectual Property I, Lp Communication device and antenna assembly with actuated gimbal mount
US9876264B2 (en) 2015-10-02 2018-01-23 At&T Intellectual Property I, Lp Communication system, guided wave switch and methods for use therewith
US10074890B2 (en) 2015-10-02 2018-09-11 At&T Intellectual Property I, L.P. Communication device and antenna with integrated light assembly
US10051483B2 (en) 2015-10-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for directing wireless signals
US10665942B2 (en) 2015-10-16 2020-05-26 At&T Intellectual Property I, L.P. Method and apparatus for adjusting wireless communications
US10355367B2 (en) 2015-10-16 2019-07-16 At&T Intellectual Property I, L.P. Antenna structure for exchanging wireless signals
KR101877602B1 (en) * 2015-10-20 2018-07-11 현대자동차주식회사 Security method and apparatus for electric vehicle power transfer system
CN105608885A (en) * 2015-11-24 2016-05-25 东莞酷派软件技术有限公司 Vehicle management method, vehicle management device and server
WO2017100282A1 (en) 2015-12-07 2017-06-15 Mastercard International Incorporated Systems and methods for utilizing vehicle connectivity in association with payment transactions
US10503483B2 (en) 2016-02-12 2019-12-10 Fisher-Rosemount Systems, Inc. Rule builder in a process control network
CN107294932B (en) * 2016-04-12 2019-11-15 中国电信股份有限公司 Method and server for centralized control type key management
US9912419B1 (en) 2016-08-24 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for managing a fault in a distributed antenna system
US9860075B1 (en) 2016-08-26 2018-01-02 At&T Intellectual Property I, L.P. Method and communication node for broadband distribution
US10291311B2 (en) 2016-09-09 2019-05-14 At&T Intellectual Property I, L.P. Method and apparatus for mitigating a fault in a distributed antenna system
US11032819B2 (en) 2016-09-15 2021-06-08 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having a control channel reference signal
US10340600B2 (en) 2016-10-18 2019-07-02 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via plural waveguide systems
US10135147B2 (en) 2016-10-18 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via an antenna
US10135146B2 (en) 2016-10-18 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for launching guided waves via circuits
US10811767B2 (en) 2016-10-21 2020-10-20 At&T Intellectual Property I, L.P. System and dielectric antenna with convex dielectric radome
US9876605B1 (en) 2016-10-21 2018-01-23 At&T Intellectual Property I, L.P. Launcher and coupling system to support desired guided wave mode
US10374316B2 (en) 2016-10-21 2019-08-06 At&T Intellectual Property I, L.P. System and dielectric antenna with non-uniform dielectric
US9991580B2 (en) 2016-10-21 2018-06-05 At&T Intellectual Property I, L.P. Launcher and coupling system for guided wave mode cancellation
US10312567B2 (en) 2016-10-26 2019-06-04 At&T Intellectual Property I, L.P. Launcher with planar strip antenna and methods for use therewith
US10498044B2 (en) 2016-11-03 2019-12-03 At&T Intellectual Property I, L.P. Apparatus for configuring a surface of an antenna
US10225025B2 (en) 2016-11-03 2019-03-05 At&T Intellectual Property I, L.P. Method and apparatus for detecting a fault in a communication system
US10291334B2 (en) 2016-11-03 2019-05-14 At&T Intellectual Property I, L.P. System for detecting a fault in a communication system
US10224634B2 (en) 2016-11-03 2019-03-05 At&T Intellectual Property I, L.P. Methods and apparatus for adjusting an operational characteristic of an antenna
US10178445B2 (en) 2016-11-23 2019-01-08 At&T Intellectual Property I, L.P. Methods, devices, and systems for load balancing between a plurality of waveguides
US10535928B2 (en) 2016-11-23 2020-01-14 At&T Intellectual Property I, L.P. Antenna system and methods for use therewith
US10090594B2 (en) 2016-11-23 2018-10-02 At&T Intellectual Property I, L.P. Antenna system having structural configurations for assembly
US10340601B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Multi-antenna system and methods for use therewith
US10340603B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Antenna system having shielded structural configurations for assembly
US10361489B2 (en) 2016-12-01 2019-07-23 At&T Intellectual Property I, L.P. Dielectric dish antenna system and methods for use therewith
US10305190B2 (en) 2016-12-01 2019-05-28 At&T Intellectual Property I, L.P. Reflecting dielectric antenna system and methods for use therewith
US10135145B2 (en) 2016-12-06 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave along a transmission medium
US10755542B2 (en) 2016-12-06 2020-08-25 At&T Intellectual Property I, L.P. Method and apparatus for surveillance via guided wave communication
US9927517B1 (en) 2016-12-06 2018-03-27 At&T Intellectual Property I, L.P. Apparatus and methods for sensing rainfall
US10382976B2 (en) 2016-12-06 2019-08-13 At&T Intellectual Property I, L.P. Method and apparatus for managing wireless communications based on communication paths and network device positions
US10637149B2 (en) 2016-12-06 2020-04-28 At&T Intellectual Property I, L.P. Injection molded dielectric antenna and methods for use therewith
US10020844B2 (en) 2016-12-06 2018-07-10 T&T Intellectual Property I, L.P. Method and apparatus for broadcast communication via guided waves
US10819035B2 (en) 2016-12-06 2020-10-27 At&T Intellectual Property I, L.P. Launcher with helical antenna and methods for use therewith
US10727599B2 (en) 2016-12-06 2020-07-28 At&T Intellectual Property I, L.P. Launcher with slot antenna and methods for use therewith
US10694379B2 (en) 2016-12-06 2020-06-23 At&T Intellectual Property I, L.P. Waveguide system with device-based authentication and methods for use therewith
US10439675B2 (en) 2016-12-06 2019-10-08 At&T Intellectual Property I, L.P. Method and apparatus for repeating guided wave communication signals
US10326494B2 (en) 2016-12-06 2019-06-18 At&T Intellectual Property I, L.P. Apparatus for measurement de-embedding and methods for use therewith
US10547348B2 (en) 2016-12-07 2020-01-28 At&T Intellectual Property I, L.P. Method and apparatus for switching transmission mediums in a communication system
US10027397B2 (en) 2016-12-07 2018-07-17 At&T Intellectual Property I, L.P. Distributed antenna system and methods for use therewith
US10446936B2 (en) 2016-12-07 2019-10-15 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system and methods for use therewith
US10139820B2 (en) 2016-12-07 2018-11-27 At&T Intellectual Property I, L.P. Method and apparatus for deploying equipment of a communication system
US10389029B2 (en) 2016-12-07 2019-08-20 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system with core selection and methods for use therewith
US10168695B2 (en) 2016-12-07 2019-01-01 At&T Intellectual Property I, L.P. Method and apparatus for controlling an unmanned aircraft
US10243270B2 (en) 2016-12-07 2019-03-26 At&T Intellectual Property I, L.P. Beam adaptive multi-feed dielectric antenna system and methods for use therewith
US10359749B2 (en) 2016-12-07 2019-07-23 At&T Intellectual Property I, L.P. Method and apparatus for utilities management via guided wave communication
US9893795B1 (en) 2016-12-07 2018-02-13 At&T Intellectual Property I, Lp Method and repeater for broadband distribution
US10389037B2 (en) 2016-12-08 2019-08-20 At&T Intellectual Property I, L.P. Apparatus and methods for selecting sections of an antenna array and use therewith
US10938108B2 (en) 2016-12-08 2021-03-02 At&T Intellectual Property I, L.P. Frequency selective multi-feed dielectric antenna system and methods for use therewith
US10103422B2 (en) 2016-12-08 2018-10-16 At&T Intellectual Property I, L.P. Method and apparatus for mounting network devices
US10069535B2 (en) 2016-12-08 2018-09-04 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves having a certain electric field structure
US9911020B1 (en) 2016-12-08 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for tracking via a radio frequency identification device
US10601494B2 (en) 2016-12-08 2020-03-24 At&T Intellectual Property I, L.P. Dual-band communication device and method for use therewith
US10530505B2 (en) 2016-12-08 2020-01-07 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves along a transmission medium
US10326689B2 (en) 2016-12-08 2019-06-18 At&T Intellectual Property I, L.P. Method and system for providing alternative communication paths
US10411356B2 (en) 2016-12-08 2019-09-10 At&T Intellectual Property I, L.P. Apparatus and methods for selectively targeting communication devices with an antenna array
US10777873B2 (en) 2016-12-08 2020-09-15 At&T Intellectual Property I, L.P. Method and apparatus for mounting network devices
US9998870B1 (en) 2016-12-08 2018-06-12 At&T Intellectual Property I, L.P. Method and apparatus for proximity sensing
US10916969B2 (en) 2016-12-08 2021-02-09 At&T Intellectual Property I, L.P. Method and apparatus for providing power using an inductive coupling
US10264586B2 (en) 2016-12-09 2019-04-16 At&T Mobility Ii Llc Cloud-based packet controller and methods for use therewith
US10340983B2 (en) 2016-12-09 2019-07-02 At&T Intellectual Property I, L.P. Method and apparatus for surveying remote sites via guided wave communications
US9838896B1 (en) 2016-12-09 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for assessing network coverage
US9973940B1 (en) 2017-02-27 2018-05-15 At&T Intellectual Property I, L.P. Apparatus and methods for dynamic impedance matching of a guided wave launcher
US10298293B2 (en) 2017-03-13 2019-05-21 At&T Intellectual Property I, L.P. Apparatus of communication utilizing wireless network devices
CA3005598C (en) 2017-05-22 2022-05-24 Hussein Talaat Mouftah Methods and systems for conjugated authentication and authorization
US10195956B2 (en) 2017-06-02 2019-02-05 United Arab Emirates University Secure charging method for electric vehicles
DE102017222879A1 (en) * 2017-12-15 2019-06-19 Volkswagen Aktiengesellschaft Apparatus, method, and computer program for enabling a vehicle component, vehicle-to-vehicle communication module
EP3522511A1 (en) * 2018-02-05 2019-08-07 Schweizerische Bundesbahnen SBB Communication method and communication system for billing
CN108454410B (en) * 2018-04-13 2020-06-23 安徽江淮汽车集团股份有限公司 Fuel cell diagnosis access method
US11140730B2 (en) * 2019-03-15 2021-10-05 Cisco Technology, Inc. Automatic provisioning of Wi-Fi connections for trailers
US11128474B2 (en) * 2019-03-25 2021-09-21 Micron Technology, Inc. Secure device communication
KR102768471B1 (en) * 2019-04-24 2025-02-13 현대자동차주식회사 Method and system for electric vehicle user authorization
EP3962017B1 (en) * 2019-04-24 2025-10-01 Hyundai Motor Company Ev user authorization method and system
US20220158851A1 (en) * 2019-04-29 2022-05-19 Hyundai Motor Company Cross-certificate method and device for electric vehicle charging
US11724616B2 (en) 2020-01-13 2023-08-15 NAD Grid Corp Methods and systems for facilitating charging sessions for electric vehicles, with improved user interface operation modes
US11797350B2 (en) * 2020-02-25 2023-10-24 Cisco Technology, Inc. Method and apparatus for providing data center functions for support of an electric vehicle based data center
CN111917759B (en) * 2020-07-27 2021-02-19 八维通科技有限公司 Data security interaction method for gas station
KR102389727B1 (en) * 2020-09-28 2022-04-25 주식회사 페스카로 Method and apparatus for evaluating security of electronic controller in vehicle
WO2022133018A2 (en) * 2020-12-16 2022-06-23 NAD Grid Corp. Methods and systems for facilitating charging sessions for electric vehicles, with improved user interface operation modes
US12296851B2 (en) * 2022-12-20 2025-05-13 Automotive Research & Testing Center Autonomous vehicle communication safety system and method thereof
WO2024205223A1 (en) * 2023-03-28 2024-10-03 현대자동차주식회사 Method and device for securing endpoint in protocol for managing electric car charging/discharging infrastructure
CN120263827B (en) * 2025-06-05 2025-09-05 台铃科技股份有限公司 Electric vehicle trinity safety binding system and method

Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040252668A1 (en) * 1995-06-30 2004-12-16 Interdigital Technology Corporation Code division multiple access (CDMA) communication system
US20050215263A1 (en) * 2002-02-28 2005-09-29 Intel Corporation, A Delaware Corporation Data transmission rate control
US20050273803A1 (en) * 2004-05-11 2005-12-08 Funai Electric Co., Ltd. TV program distribution system and TV broadcast signal receiving device for receiving a pay TV program distributed from the system
US20060136457A1 (en) * 2004-11-29 2006-06-22 Park Seung W Method for supporting scalable progressive downloading of video signal
US20070091864A1 (en) * 2005-10-13 2007-04-26 Masanori Honjo Wireless apparatus and method of selecting wireless access point
US20070230506A1 (en) * 2006-03-29 2007-10-04 Huawei Technologies Co., Ltd. Method, device and system for transmitting very-long short message
US20080270528A1 (en) * 2007-04-30 2008-10-30 James Ward Girardeau Multimedia client/server system with adjustable packet size and methods for use therewith
US20090288129A1 (en) * 2003-09-15 2009-11-19 The Directv Group, Inc. Method and system for adaptive transcoding and transrating in a video network
US20100161482A1 (en) * 2008-12-22 2010-06-24 Nathan Bowman Littrell System and method for roaming billing for electric vehicles
US20100269153A1 (en) * 2009-03-19 2010-10-21 Hitachi, Ltd. Terminal system for guaranteeing authenticity, terminal, and terminal management server
US20100274570A1 (en) * 2009-04-24 2010-10-28 Gm Global Technology Operations, Inc. Vehicle charging authorization
US20100315197A1 (en) * 2009-07-23 2010-12-16 James Solomon Authorization in a networked electric vehicle charging system
US20110022641A1 (en) * 2009-07-24 2011-01-27 Theodore Werth Systems and methods for providing remote services using a cross-device database
US20110099376A1 (en) * 2009-10-27 2011-04-28 Vikas Gupta Systems and methods for authenticating an electronic transaction
US20110144844A1 (en) * 2009-12-16 2011-06-16 Sony Corporation Electric vehicle, management apparatus, and drive management method
US20110184587A1 (en) * 2010-01-25 2011-07-28 Flux Engineering, LLC. System and Method for Trading Electrical or Other Portable Power or Energy Source
US20110191265A1 (en) * 2010-01-29 2011-08-04 Richard Lowenthal Electric vehicle charging station host definable pricing
US20110264530A1 (en) * 2010-04-23 2011-10-27 Bryan Santangelo Apparatus and methods for dynamic secondary content and data insertion and delivery
US20110279082A1 (en) * 2010-05-14 2011-11-17 Hagenmaier Jr Carl F Safety supervisory module of an electric vehicle charging station
US20120089286A1 (en) * 2009-06-25 2012-04-12 Hideki Nakata Vehicle control system and automobile
US20120131360A1 (en) * 2010-11-22 2012-05-24 Atheros Communications, Inc. Path characteristic based association of communication devices

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4862122A (en) 1988-12-14 1989-08-29 Alcatel Na, Inc Dielectric notch filter
US5341083A (en) 1991-09-27 1994-08-23 Electric Power Research Institute, Inc. Contactless battery charging system
CA2189451C (en) 1994-05-03 2002-03-26 James P. Burgess Power distribution module
US6182139B1 (en) 1996-08-05 2001-01-30 Resonate Inc. Client-side resource-based load-balancing with delayed-resource-binding using TCP state migration to WWW server farm
JPH10133983A (en) 1996-11-01 1998-05-22 Fuji Xerox Co Ltd Host device and image output device
FI104780B (en) 1997-02-28 2000-03-31 Nokia Mobile Phones Ltd Cell prioritization in a cellular radio system
EP1180886B1 (en) 2000-08-17 2006-10-11 Sun Microsystems, Inc. Load balancing method and system
US6396241B1 (en) 2000-09-18 2002-05-28 General Motors Corporation Inductive charging system employing a fluid-cooled transformer coil and transmission cable
JP2003012099A (en) 2001-07-02 2003-01-15 Tatsuno Corp Gas station system
JP4173660B2 (en) 2001-12-12 2008-10-29 株式会社エヌ・ティ・ティ・ドコモ Mobile communication system, mobile device, and position estimation method of mobile device
EP1324546A1 (en) 2001-12-28 2003-07-02 Motorola, Inc. Dynamic content delivery method and network
US7599484B2 (en) 2002-04-29 2009-10-06 Adc Dsl Systems, Inc. Element management system for managing line-powered network elements
CN1557659A (en) * 2004-02-13 2004-12-29 于耀庆 Apparatus for rapidly recovering energy source storage of electric automobile and operational method thereof
US8161547B1 (en) 2004-03-22 2012-04-17 Cisco Technology, Inc. Monitoring traffic to provide enhanced network security
US7286834B2 (en) 2004-07-13 2007-10-23 Sbc Knowledge Ventures, Lp System and method for location based policy management
US20060195464A1 (en) 2005-02-28 2006-08-31 Microsoft Corporation Dynamic data delivery
JP2007069923A (en) 2005-09-05 2007-03-22 Idemitsu Credit Kk Meter control system, meter controlling method, and pos system
US8429396B1 (en) 2006-05-31 2013-04-23 Juniper Networks, Inc. Peer discovery and secure communication in failover schemes
JP4835293B2 (en) 2006-07-13 2011-12-14 日本電気株式会社 Transmission output control device, multi-carrier transmission system, transmission output control method, and transmission output control program
US20080040296A1 (en) 2006-08-10 2008-02-14 V2 Green Inc. Electric Resource Power Meter in a Power Aggregation System for Distributed Electric Resources
JP2008077267A (en) 2006-09-20 2008-04-03 Tokyo Electric Power Co Inc:The Power supply system
US8510464B2 (en) 2006-12-20 2013-08-13 Cisco Technology, Inc. Measuring delays from content servers to network devices on paths to a client such as for use in selecting a content server based on a common network device
US7885893B2 (en) 2007-03-16 2011-02-08 Daniel Alexander Method and system for the authorization of and payment for electric charging of vehicles
US8112358B2 (en) 2007-06-04 2012-02-07 Qualcomm Atheros, Inc. Authorizing customer premise equipment on a sub-network
US8014109B2 (en) 2007-10-04 2011-09-06 Hitachi Global Storage Technologies Netherlands B.V. Current-perpendicular-to-the-plane (CPP) magnetoresistive sensor with antiparallel-pinned layer containing silicon
US8054048B2 (en) 2007-10-04 2011-11-08 GM Global Technology Operations LLC Power grid load management for plug-in vehicles
JP2009094768A (en) 2007-10-09 2009-04-30 Panasonic Corp Power line communication apparatus and automatic registration method for power line communication apparatus
JP4355750B2 (en) 2008-04-08 2009-11-04 株式会社エヌ・ティ・ティ・ドコモ Broadcast information notification method and network node
EP2281333A2 (en) 2008-04-09 2011-02-09 Intellon Corporation Transmission line directional awareness
US8368351B2 (en) 2008-04-09 2013-02-05 Qualcomm Incorporated Transmission line directional awareness for a charging station
JP5305504B2 (en) 2008-07-04 2013-10-02 矢崎総業株式会社 Charge monitoring device
AU2009273757A1 (en) 2008-07-21 2010-01-28 Dius Computing Pty Ltd An authentication system for a plug-in electric drive vehicle
US8725551B2 (en) 2008-08-19 2014-05-13 International Business Machines Corporation Smart electric vehicle interface for managing post-charge information exchange and analysis
GB2472537B (en) 2008-10-15 2011-06-22 Nomad Spectrum Ltd Network communication
EP2350979A1 (en) 2008-10-15 2011-08-03 Continental Teves AG & Co. oHG Data transfer in a vehicle and charging said vehicle
US20100161518A1 (en) 2008-12-22 2010-06-24 Nathan Bowman Littrell Electricity storage controller with integrated electricity meter and methods for using same
US9505317B2 (en) 2008-12-22 2016-11-29 General Electric Company System and method for electric vehicle charging and billing using a wireless vehicle communication service
SE532123C2 (en) 2008-12-22 2009-10-27 Electric power charging system for vehicles
US10189359B2 (en) 2009-02-17 2019-01-29 Chargepoint, Inc. Transmitting notification messages for an electric vehicle charging network
CN102449572A (en) 2009-03-31 2012-05-09 栅点股份有限公司 Electric vehicle power management systems
WO2011014773A2 (en) 2009-07-31 2011-02-03 Deka Products Limited Partnership Systems, methods and apparatus for vehicle battery charging
JP2011034500A (en) 2009-08-05 2011-02-17 Enegate:Kk Power supply charging system for electric vehicle
WO2011038153A1 (en) * 2009-09-23 2011-03-31 Aerovironment, Inc. Active multi-path network redundancy with performance monitoring
WO2011044543A2 (en) 2009-10-09 2011-04-14 Levy Paul Method and process of administrating electric vehicle charge stations and billing for the recharging of electric vehicles leveraging a single connection action using low cost charge stations
CN102082309B (en) * 2009-11-27 2014-09-17 尹学军 Method for quickly supplementing electric energy of electric vehicle and power supply unit thereof
WO2011082530A1 (en) 2010-01-08 2011-07-14 上海贝尔股份有限公司 Method and device for controlling user equipment to measure non-activated downlink component carriers
JP2011211880A (en) 2010-03-31 2011-10-20 Motion:Kk In-vehicle mount type battery charging system, managing server, managing server control method, and program
DE102010023127A1 (en) 2010-06-09 2011-12-15 Siemens Aktiengesellschaft Access control to electrical charging stations
US9003492B2 (en) 2011-06-21 2015-04-07 Qualcomm Incorporated Secure client authentication and service authorization in a shared communication network
US9021278B2 (en) 2011-08-10 2015-04-28 Qualcomm Incorporated Network association of communication devices based on attenuation information

Patent Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040252668A1 (en) * 1995-06-30 2004-12-16 Interdigital Technology Corporation Code division multiple access (CDMA) communication system
US20050215263A1 (en) * 2002-02-28 2005-09-29 Intel Corporation, A Delaware Corporation Data transmission rate control
US20090288129A1 (en) * 2003-09-15 2009-11-19 The Directv Group, Inc. Method and system for adaptive transcoding and transrating in a video network
US20050273803A1 (en) * 2004-05-11 2005-12-08 Funai Electric Co., Ltd. TV program distribution system and TV broadcast signal receiving device for receiving a pay TV program distributed from the system
US20060136457A1 (en) * 2004-11-29 2006-06-22 Park Seung W Method for supporting scalable progressive downloading of video signal
US20070091864A1 (en) * 2005-10-13 2007-04-26 Masanori Honjo Wireless apparatus and method of selecting wireless access point
US20070230506A1 (en) * 2006-03-29 2007-10-04 Huawei Technologies Co., Ltd. Method, device and system for transmitting very-long short message
US20080270528A1 (en) * 2007-04-30 2008-10-30 James Ward Girardeau Multimedia client/server system with adjustable packet size and methods for use therewith
US20100161482A1 (en) * 2008-12-22 2010-06-24 Nathan Bowman Littrell System and method for roaming billing for electric vehicles
US20100269153A1 (en) * 2009-03-19 2010-10-21 Hitachi, Ltd. Terminal system for guaranteeing authenticity, terminal, and terminal management server
US20100274570A1 (en) * 2009-04-24 2010-10-28 Gm Global Technology Operations, Inc. Vehicle charging authorization
US20120089286A1 (en) * 2009-06-25 2012-04-12 Hideki Nakata Vehicle control system and automobile
US20100315197A1 (en) * 2009-07-23 2010-12-16 James Solomon Authorization in a networked electric vehicle charging system
US20110022641A1 (en) * 2009-07-24 2011-01-27 Theodore Werth Systems and methods for providing remote services using a cross-device database
US20110099376A1 (en) * 2009-10-27 2011-04-28 Vikas Gupta Systems and methods for authenticating an electronic transaction
US20110144844A1 (en) * 2009-12-16 2011-06-16 Sony Corporation Electric vehicle, management apparatus, and drive management method
US20110184587A1 (en) * 2010-01-25 2011-07-28 Flux Engineering, LLC. System and Method for Trading Electrical or Other Portable Power or Energy Source
US20110191265A1 (en) * 2010-01-29 2011-08-04 Richard Lowenthal Electric vehicle charging station host definable pricing
US20110264530A1 (en) * 2010-04-23 2011-10-27 Bryan Santangelo Apparatus and methods for dynamic secondary content and data insertion and delivery
US20110279082A1 (en) * 2010-05-14 2011-11-17 Hagenmaier Jr Carl F Safety supervisory module of an electric vehicle charging station
US20120131360A1 (en) * 2010-11-22 2012-05-24 Atheros Communications, Inc. Path characteristic based association of communication devices

Cited By (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190239144A1 (en) * 2006-08-10 2019-08-01 V2Green, Inc. Connection locator in a power aggregation system for distributed electric resources
US10892639B2 (en) * 2006-08-10 2021-01-12 V2Green, Inc. Connection locator in a power aggregation system for distributed electric resources
US9026813B2 (en) 2010-11-22 2015-05-05 Qualcomm Incorporated Establishing a power charging association on a powerline network
US9445361B2 (en) 2010-11-22 2016-09-13 Qualcomm Incorporated Establishing a power charging association on a powerline network
US9021278B2 (en) 2011-08-10 2015-04-28 Qualcomm Incorporated Network association of communication devices based on attenuation information
US9577997B2 (en) * 2012-05-29 2017-02-21 Toyota Jidosha Kabushiki Kaisha Authentication system and authentication method
US20150095997A1 (en) * 2012-05-29 2015-04-02 Toyota Jidosha Kabushiki Kaisha Authentication system and authentication method
US10432408B2 (en) * 2012-08-30 2019-10-01 Texas Instruments Incorporated Retention and revocation of operation keys by a control unit
US11405221B2 (en) 2012-08-30 2022-08-02 Texas Instmments Incorporated Retention and revocation of operation keys by a control unit
US10442300B2 (en) 2013-03-15 2019-10-15 Kld Energy Technologies, Inc. Vehicle communications, power management, and seating systems
US20140285146A1 (en) * 2013-03-15 2014-09-25 Kenguru, Inc. Vehicle communications, power management, and seating systems
US9868359B2 (en) * 2013-03-15 2018-01-16 Kld Energy Technologies, Inc. Vehicle communications, power management, and seating systems
US9509589B2 (en) * 2013-03-25 2016-11-29 Kabushiki Kaisha Toshiba Communication device, communication system, communication method, and computer program product
US20140289520A1 (en) * 2013-03-25 2014-09-25 Kabushiki Kaisha Toshiba Communication device, communication system, communication method, and computer program product
US9948622B2 (en) 2013-06-25 2018-04-17 Google Llc Authenticated session establishment
US20150149781A1 (en) * 2013-06-25 2015-05-28 Google Inc. Authenticated session establishment
US9462624B2 (en) * 2013-06-25 2016-10-04 Google Inc. Authenticated session establishment
CN104698883A (en) * 2013-12-10 2015-06-10 福特全球技术公司 Method to ensure reliable reception of electric vehicle association messages
DE102014224969B4 (en) 2013-12-10 2023-01-26 Ford Global Technologies, Llc Method for ensuring reliable reception of association messages from electric vehicles
US9180786B2 (en) * 2013-12-10 2015-11-10 Ford Global Technologies, Llc Method to ensure reliable reception of electric vehicle association messages
US20150158394A1 (en) * 2013-12-10 2015-06-11 Ford Global Technologies, Llc Method to ensure reliable reception of electric vehicle association messages
CN105281807A (en) * 2014-06-16 2016-01-27 Ls产电株式会社 Communication device using power line and method of operating the same
US11533297B2 (en) * 2014-10-24 2022-12-20 Netflix, Inc. Secure communication channel with token renewal mechanism
US20160119291A1 (en) * 2014-10-24 2016-04-28 Netflix, Inc Secure communication channel with token renewal mechanism
US11399019B2 (en) * 2014-10-24 2022-07-26 Netflix, Inc. Failure recovery mechanism to re-establish secured communications
US20180191504A1 (en) * 2015-08-31 2018-07-05 Alibaba Group Holding Limited Verification information update
US10880306B2 (en) * 2015-08-31 2020-12-29 Alibaba Group Holding Limited Verification information update
US11451384B2 (en) 2015-11-09 2022-09-20 Dealerware, Llc Vehicle access systems and methods
US11424921B2 (en) 2015-11-09 2022-08-23 Dealerware, Llc Vehicle access systems and methods
US11463246B2 (en) * 2015-11-09 2022-10-04 Dealerware, Llc Vehicle access systems and methods
US20180026792A1 (en) * 2016-07-25 2018-01-25 Elyes Ben Hamida Methods and systems for prioritized authentication between mobile objects
US11212080B2 (en) * 2016-11-18 2021-12-28 Kddi Corporation Communication system, vehicle, server device, communication method, and computer program
US11059377B2 (en) * 2017-02-21 2021-07-13 Audi Ag Charging device for charging an electrically driven motor vehicle having access to a data network and method for operating a charging device of this kind
US20180337773A1 (en) * 2017-05-19 2018-11-22 Fujitsu Limited Communication device and communication method
US11330432B2 (en) * 2017-06-27 2022-05-10 Kddi Corporation Maintenance system and maintenance method
US11366885B2 (en) * 2017-08-14 2022-06-21 Kddi Corporation Vehicle security system and vehicle security method
US20190065789A1 (en) * 2017-08-29 2019-02-28 Motorola Solutions, Inc. Device and method for power source based device authentication
US20190245705A1 (en) * 2018-02-05 2019-08-08 Onboard Security, Inc. Connected Vehicle Communication Wth Improved Misbehavior Processing
US11552805B2 (en) * 2018-02-05 2023-01-10 Onboard Security, Inc. Connected vehicle communication with improved misbehavior processing
US20190281027A1 (en) * 2018-03-12 2019-09-12 International Business Machines Corporation Wireless communication between vehicles
US11075890B2 (en) * 2018-03-12 2021-07-27 International Business Machines Corporation Wireless communication between vehicles
EP4287441A3 (en) * 2018-06-22 2024-04-10 Moixa Energy Holdings Limited Systems for machine learning, optimising and managing local multi-asset flexibility of distributed energy storage resources
US10759291B2 (en) * 2018-07-05 2020-09-01 Audi Ag System and a method for unlocking a charging plug inserted in a vehicle charging socket
US20200009973A1 (en) * 2018-07-05 2020-01-09 Audi Ag System and a method for unlocking a charging plug inserted in a vehicle charging socket
US11418328B2 (en) * 2018-11-26 2022-08-16 Electronics And Telecommunications Research Institute System for key control for in-vehicle network
US11046201B2 (en) * 2019-03-25 2021-06-29 Micron Technology, Inc. Electric vehicle charging station system
US11882446B1 (en) * 2020-07-22 2024-01-23 Motiv Power Systems, Inc. Vehicle charge station network access credential updating system
US11813953B2 (en) * 2020-12-04 2023-11-14 Liikennevirta Oy / Virta Ltd Identification method for electric vehicle charging stations
US20230211693A1 (en) * 2020-12-04 2023-07-06 Liikennevirta Oy / Virta Ltd An identification method for electric vehicle charging stations
US20230093992A1 (en) * 2021-09-24 2023-03-30 Apple Inc. Secure Communication in a Computing System
WO2023183435A1 (en) * 2022-03-23 2023-09-28 Wireless Advanced Vehicle Electrification, Llc Optimizing energy availability in an energy distribution network
CN117478762A (en) * 2023-10-31 2024-01-30 长江量子(武汉)科技有限公司 Safe and high-speed transmission method and system for Internet of vehicles data
US20250184321A1 (en) * 2023-12-05 2025-06-05 Irdeto B.V. Method and Apparatus for Utilization of Domain Name System for Efficient Certificate Data Retrieval in Plug and Charge Ecosystems

Also Published As

Publication number Publication date
US9003492B2 (en) 2015-04-07
WO2012177812A1 (en) 2012-12-27
JP2014523579A (en) 2014-09-11
EP2724516B1 (en) 2017-11-22
KR101543445B1 (en) 2015-08-12
JP5755805B2 (en) 2015-07-29
CN103765857A (en) 2014-04-30
KR20140027497A (en) 2014-03-06
EP2724516A1 (en) 2014-04-30
CN103765857B (en) 2017-06-09

Similar Documents

Publication Publication Date Title
US9003492B2 (en) Secure client authentication and service authorization in a shared communication network
US9021278B2 (en) Network association of communication devices based on attenuation information
CN111869249B (en) Security BLE JUST WORKS pairing method aiming at man-in-the-middle attack
CN111783068B (en) Device authentication method, system, electronic device and storage medium
CN105472192B (en) The smart machine, terminal device and method realizing control security certificate and sharing
US10680835B2 (en) Secure authentication of remote equipment
JP2023505471A (en) Provisioning method and terminal equipment
KR20140127303A (en) Multi-factor certificate authority
CN108990060A (en) A kind of credential distribution system and method for base station equipment
CN113783829A (en) Method and device for realizing equipment access in cross-platform manner
KR101509079B1 (en) Smart Card and Dynamic ID Based Electric Vehicle User Authentication Scheme
CN114428965A (en) Secure communication method, system, electronic device and storage medium
CN117728958A (en) A communication method, device and system
KR101209812B1 (en) Method for access controll of client in home network system and apparatus thereof
CN119906595A (en) Device binding method, device, equipment and storage medium
KR20240145907A (en) Method and apparatus for end-to-end security in protocols for management of electric vehicles charging and discharging infrastructures

Legal Events

Date Code Title Description
AS Assignment

Owner name: QUALCOMM ATHEROS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KATAR, SRINIVAS;YONGE, LAWRENCE W., III;NEWMAN, RICHARD E.;SIGNING DATES FROM 20120712 TO 20120713;REEL/FRAME:028774/0991

AS Assignment

Owner name: QUALCOMM INCORPORATED, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:QUALCOMM ATHEROS, INC.;REEL/FRAME:029487/0181

Effective date: 20121022

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20190407